uday-rayala
commented
5 years ago Hi, Is there any update or work around about this issue?
Open longhotsummer opened 8 years ago
uday-rayala
commented
5 years ago Hi, Is there any update or work around about this issue?
julien66
commented
3 years ago Hi, stumbling across very same issue here. If I use form_edit_rules or form_create_rules then the csrf_token vanish and validation form validation fails. A workaround is to include the token in the ruleset but if we do as a field then the label gets rendered. A workaround may be to create a custom rules/macro to get it displayed it as an hidden field.
demetrius-mp
commented
2 years ago this is my attempt on solving this problem https://github.com/flask-admin/flask-admin/issues/2170#issuecomment-954456689
There is no way to include hidden fields when using
form_edit_rulesorform_create_rules.We use flask-wtf's built-in CSRF support. When using a ruleset for a view's form, it strips (and warns) about any fields that are on the form but not part of the ruleset's visible fields -- naturally the csrf_token field is stripped.
How can I tell the ruleset to either not strip the csrf_token field, or explicitly include it in the ruleset but force it not to be rendered?