I have a project with 30-odd py files and multiple config files, which are loaded as per the environment that is set (like default + [DEV|UAT|PROD]). I was integrating CSRF with my application and it was just not working. I tried for 1+ hrs and thought something was wrong in my app. I tried it on another simple Flask app and it worked within a minute on both Python 2 & 3. I spent some time on Google looking for the reason behind generating an "Empty" token, but it was of no help!
Finally I decided to debug the code (which I should have done first), and within 5 minutes I discovered the code self._csrf_disable = app.config.get('CSRF_DISABLE', app.config.get('TESTING', False)). I don't remember how or when this was set, but after changing TESTING = False it worked. Sadly I wasted around 2+ hours on this.
Please update the documentation to include a warning / info mentioning that TESTING = True will disable generation of tokens, and if it's not too much, don't return silently in TESTING mode; add some warning like the one below:
    def _before_request(self):
        if self._csrf_disable:
            import warnings  # this would be at the top
            warnings.warn('Warning: Running application in TESTING mode, TESTING is set to True in config!')
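For layered configs like the "default + [DEV|UAT|PROD]" setup described in the post, a startup check can report which layer switched CSRF off. This is an added example, not code from the post or from the extension; the layer names, sample values and helper names are hypothetical, and only the `CSRF_DISABLE`/`TESTING` lookup is taken from the line quoted above.

```python
import warnings

# Constructed sample layers standing in for "default + [DEV|UAT|PROD]" config files.
SAMPLE_LAYERS = [
    ("default", {"SECRET_KEY": "placeholder", "TESTING": False}),
    ("UAT", {"TESTING": True}),  # the stray setting that is easy to forget
]

# Order matters: CSRF_DISABLE, when present, decides before TESTING is consulted.
WATCHED_KEYS = ("CSRF_DISABLE", "TESTING")


def merge_layers(layers):
    """Merge config layers in order; remember which layer last set each key."""
    merged, origin = {}, {}
    for name, values in layers:
        for key, value in values.items():
            merged[key] = value
            origin[key] = name
    return merged, origin


def csrf_disabled(config):
    """Same lookup as the line quoted in the post: CSRF_DISABLE, else TESTING."""
    return bool(config.get("CSRF_DISABLE", config.get("TESTING", False)))


def explain_csrf_state(layers):
    """Return (disabled, key, layer) naming the setting that decides the outcome."""
    merged, origin = merge_layers(layers)
    disabled = csrf_disabled(merged)
    for key in WATCHED_KEYS:
        if key in merged:
            return disabled, key, origin[key]
    return disabled, None, None


def warn_if_csrf_disabled(layers):
    """Warn instead of failing silently; returns True when CSRF is disabled."""
    disabled, key, layer = explain_csrf_state(layers)
    if disabled:
        warnings.warn("CSRF protection is disabled: %s is truthy (set in %r layer)"
                      % (key, layer))
    return disabled


if __name__ == "__main__":
    print(explain_csrf_state(SAMPLE_LAYERS))  # which key and layer decided
    warn_if_csrf_disabled(SAMPLE_LAYERS)
```
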