search

mattupstate / overholt

Example Flask application illustrating some of my common practices
http://mattupstate.com/blog/how-i-structure-my-flask-applications/
MIT License
1.6k stars 236 forks source link

Disable CSRF for API routes #15

Closed davidmturner closed 10 years ago

davidmturner commented 10 years ago

Pass csrf_enabled=False to the form when instantiating for the API.

davidmturner commented 10 years ago

Don't you want disable csrf tokens for the API methods?

mattupstate commented 10 years ago

@davidmturner No, the API's authentication mechanism is session based with means CSRF is a problem.