我有一个 Flask 项目,基本上有 2 个表单类,它们充当第三个表单类中的子表单。我将 2 个子表单与 FormField 字段一起使用。问题是,当我提交表单时,我收到两个子表单的 csrf_token 错误。如果我在子表单中使用 csrf=false 属性,我不会明白这一点,但这是否意味着我对 CSRF 攻击持开放态度?
class AddressForm(FlaskForm):
address = StringField(label='Address', validators=[DataRequired()])
address2 = StringField(label='Address 2', validators=[Optional()])
city = StringField(label='City', validators=[DataRequired()])
county = SelectField(label='County', validators=[DataRequired()], choices=[], coerce=int)
class Meta:
csrf = False
class NameForm(FlaskForm):
first_name = StringField(label='First Name', validators=[DataRequired(), Length(min=2)] )
last_name = StringField(label='Last Name', validators=[DataRequired(), Length(min=2)] )
class Meta:
csrf = False
class OrderForm(FlaskForm):
# Customer Details
customer_name = FormField(NameForm, separator='_')
customer_email = EmailField(label='Email', validators=[DataRequired(), Email()])
customer_mobile_phone = StringField(label='Mobile Phone Number', validators=[DataRequired()])
customer_alternative_phone = StringField(label='Alternative Phone Number', validators=[Optional()])
# Delivery Details
delivery_address = FormField(AddressForm, separator='_')
area = SelectField(label='Area', validators=[DataRequired()], coerce=int)
我已在表单中添加了 {{ form.hidden_tag() }},并且还配置了 SECRET_KEY。
最佳答案
因此,经过大量搜索和观看视频后,我注意到在进行 FormFields 时,所有内容都引用了 Form 而不是 FlaskForm。看起来一个页面上只能有一个 FlaskForm...子表单必须是 Form 类。我将子表单更改为从 Form 而不是 FlaskForm 继承,并且它有效。 FlaskForm继承自Form,默认启用并配置了csrf。
- https://flask-wtf.readthedocs.io/en/stable/form.html
- https://flask-wtf.readthedocs.io/en/stable/api.html#flask_wtf.FlaskForm
- https://wtforms.readthedocs.io/en/2.3.x/forms/
class AddressForm(Form):
address = StringField(label='Address', validators=[DataRequired()])
address2 = StringField(label='Address 2', validators=[Optional()])
city = StringField(label='City', validators=[DataRequired()])
county = SelectField(label='County', validators=[DataRequired()], choices=[], coerce=int)
class NameForm(Form):
first_name = StringField(label='First Name', validators=[DataRequired(), Length(min=2)] )
last_name = StringField(label='Last Name', validators=[DataRequired(), Length(min=2)] )
关于python - WTForms FormField 导致 csrf_token 错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/62372611/