helloflask / flask-dropzone

Upload files in Flask application with Dropzone.js.
https://flask-dropzone.readthedocs.io
MIT License

Only add CSRF protect for upload view #27

Closed ar-anvd closed 4 years ago

ar-anvd commented 5 years ago

Hello,

Using the current setup from the docs, the CSRF protection will apply to every form and every POST of the app. This config ideally should apply only to the Dropzone upload, not the entire app.

greyli commented 4 years ago

Hi, you will need to handle this by yourself, since the CSRFProtect extension defaults to enabling the CSRF check for all POST requests. The solution will be like this:

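```python
from flask import Flask, request
from flask_wtf.csrf import CSRFProtect

app = Flask(__name__)
app.config['WTF_CSRF_CHECK_DEFAULT'] = False  # disable the automatic check on every request
csrf = CSRFProtect(app)  # the extension instance whose protect() is called below

@app.before_request
def check_csrf():
    # Run the CSRF validation manually, and only for the upload view.
    if request.endpoint == 'your-upload-view-func-name':  # only protect your upload endpoint
        csrf.protect()
```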

Find more info in its docs.