When mixing flask-htmx and flask-wtf with CSRF_ENABLED, all hx-post stop working because of a missing CSRF token. bootstrap-flask suffers the same problem (with POST actions in autorendered
I'm not sure if it's the job of this extension, but it would be great if somehow this problem is made to automagically disappear when using this module in a flask/htmx project.
When mixing
flask-htmx
andflask-wtf
with CSRF_ENABLED, all hx-post stop working because of a missing CSRF token.bootstrap-flask
suffers the same problem (with POST actions in autorenderedCSRFProtect
, bundled withflask-wtf
(see https://bootstrap-flask.readthedocs.io/en/stable/macros/#render-table).I'm not sure if it's the job of this extension, but it would be great if somehow this problem is made to automagically disappear when using this module in a flask/htmx project.
although it seems that Django-HTMX is also relying on the template implementation to resolve it: https://django-htmx.readthedocs.io/en/latest/tips.html#make-htmx-pass-the-csrf-token
Yes, I think passing the CSRF token to the template inside a
hx-headers
attribute is the best approach, as suggested by django-htmx.got it!