search

maxcountryman / flask-seasurf

SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF).
http://readthedocs.org/docs/flask-seasurf/
Other
190 stars 49 forks source link

Error with Flask-WTForms Usage #106

Closed nknantha closed 2 years ago

nknantha commented 2 years ago

As per docs setting up flask app with WTForms it throws ImportError. 

ImportError: cannot import name 'SeaSurfForm' from partially initialized module 'seasurf_form' (most likely due to a circular import)

And HiddenField, TextField, PasswordField are part of wtforms package not under flask_wtf. Also DataRequired, Email are inside wtforms.validators not under flask_wtf.

On wtforms, https://github.com/wtforms/wtforms/blob/244c8d6b15accb3e2efd622241e5f7c1cc8abb9d/wtforms/form.py#L181-L200
Above code ignores attributes starting with '_'. So it'll ignore seasurf's csrf token field(CSRF_COOKIE_NAME) having default name '_csrf_token'