python-restx / flask-restx

Fork of Flask-RESTPlus: Fully featured framework for fast, easy and documented API development with Flask
https://flask-restx.readthedocs.io/en/latest/

CSRF token support in Swagger UI is broken #96

Open andreixk opened 4 years ago

andreixk commented 4 years ago

I'm using flask-jwt-extended for JWT handling and enabled CSRF protection.

Code

app.py

from flask_restx import Api, Resource
from flask import Flask, Blueprint
from flask_jwt_extended import JWTManager
from flask_cors import CORS
import user  # application module defining the `ns` Namespace; not included in the report (assumed name)

app = Flask(__name__)

CORS(app, resources={r"/*": {"origins": "*", "supports_credentials": True}})
# JWT is carried in cookies; CSRF double-submit protection is enabled,
# so every modifying request must also carry the X-CSRF-TOKEN header.
app.config['JWT_TOKEN_LOCATION'] = ['cookies']
app.config['JWT_COOKIE_CSRF_PROTECT'] = True
app.config['JWT_COOKIE_SAMESITE'] = 'Strict'
app.config['JWT_ACCESS_TOKEN_EXPIRES'] = 36000
jwt = JWTManager(app)

blueprint = Blueprint('api', __name__, url_prefix='/api/v1')

main_api = Api(
    blueprint,
    title="Main API",
    version='1.0',
    description='API documentation',
    doc='/swagger',
)
# User actions
main_api.add_namespace(user.ns)
app.register_blueprint(blueprint)

Repro Steps (if applicable)

  1. Run the app
  2. Try to use the swagger endpoints

Expected Behavior

Proper function

Actual Behavior

401 Error: UNAUTHORIZED
Response body:
{ "msg": "Missing CSRF token" }

Environment

Additional Context

There is a very similar open ticket in flask-restplus. There was even a PR that was never merged.
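To show why the Swagger UI call above gets "Missing CSRF token", here is an added, self-contained model of the double-submit check that `JWT_COOKIE_CSRF_PROTECT` turns on (constructed example, not flask-jwt-extended's or flask-restx's own code; HS256 only, no expiry, and the cookie/header names `access_token_cookie` and `X-CSRF-TOKEN` are assumed defaults). The browser attaches the JWT cookie automatically, but the `csrf` claim inside it must also arrive in a header that only client-side code can add; Swagger UI sends the cookie and not the header.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Dict, Optional, Tuple

# Constructed signing key for this example only.
SECRET = b"constructed-example-secret"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_access_token(identity: str) -> Tuple[str, str]:
    """Return (jwt, csrf_token). The csrf value is a claim inside the signed
    JWT and is also handed to the client in a separate readable cookie."""
    csrf = secrets.token_hex(16)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": identity, "csrf": csrf}).encode())
    sig = _b64(hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest())
    return f"{header}.{payload}.{sig}", csrf


def _verify(token: str) -> Optional[dict]:
    """Check the HS256 signature; return the claims or None."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return None
    expected = _b64(hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(_unb64(payload))


def check_request(cookies: Dict[str, str], headers: Dict[str, str],
                  csrf_protect: bool = True) -> Tuple[int, str]:
    """Model of the cookie-location check: returns (status, msg)."""
    claims = _verify(cookies.get("access_token_cookie", ""))
    if claims is None:
        return 401, 'Missing cookie "access_token_cookie"'
    if csrf_protect:
        # A cross-site form can make the browser send the cookie, but it
        # cannot read the csrf cookie to set this header: that is the defence.
        sent = headers.get("X-CSRF-TOKEN")
        if sent is None:
            return 401, "Missing CSRF token"
        if not hmac.compare_digest(sent, claims["csrf"]):
            return 401, "CSRF double submit tokens do not match"
    return 200, f"ok {claims['sub']}"
```

In flask-restx the header can be surfaced in Swagger UI by declaring an `apiKey` authorization (`in: header`, `name: X-CSRF-TOKEN`) via `Api(authorizations=..., security=...)`, so the token can be pasted into the Authorize dialog instead of disabling CSRF protection.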

Nantero1 commented 4 years ago

+1 Any updates?

AlexOcheretianyi commented 4 years ago

Any updates?

carlosvega commented 4 years ago

Hi, any updates?