add support for CSRF Token with flast_wtf

[ezeagwulae]

Using FMD within an application that enforces CSRF token with flask_wtk returns "The CSRF token is missing."

The current workaround is to exempt the blueprint from csrf before initializing, using:

from flask_wtf import CSRFProtect
csrf = CSRFProtect()
csrf.exempt(monitor.blueprint)

It would be great to have a way to set this. A couple of options:

• adding a security section to the config file and parsing in flask_monitoringdashboard/core/config/init.py:126
• adding an argument to the bind method i.e. dashboard.bind(csrf=True)

Happy to explore this if useful.

[FlyingBird95]

We are not using the flask_wtf package in our FMD, and I don't see a reason to change this.

You already provide a specific work around, which will help your development. I don't think that this option will help many other developers IMO.

Kind regards,

Patrick

[jnguiot]

Hi!

As ezeagwulae, I have bumped into the same issue. This workaround works great: thank you.

I can understand this project does not want to use flask_wtf. However, is there a CSRF protection integrated? If ezeagwulae cannot get a look into it, I could try to help too.

Best Regards.