CSRF Exemption? - Githubissues

graphql-python / flask-graphql

Adds GraphQL support to your Flask application.

MIT License

1.33k stars 140 forks source link

CSRF Exemption? #84

Open KrishyV opened 4 years ago

KrishyV commented 4 years ago

With Django and Graphene users can do the following to exempt the graphql endpoint from CSRF authentication.

urlpatterns = [
    path("admin/", admin.site.urls),
    path("graphql", csrf_exempt(GraphQLView.as_view(graphiql=True, schema=schema))),
]

How can one do this with Flask-GraphQL?


app.add_url_rule(
    '/graphql',
    view_func=GraphQLView.as_view(
        'graphql',
        schema=schema,
        graphiql=True

    )
)```

KrishyV commented 4 years ago

Not quite a solution as elegant as what Django has but here is what I did.

I created a Blueprint just for my GraphQL API and exempted the whole blueprint from CSRF.


api.add_url_rule(
    '/graphql',
    view_func=GraphQLView.as_view(
        'graphql',
        schema=schema,
        graphiql=True
    )
)

csrf.exempt(api)