Protecting applications from CSRF
In the first recipe of this chapter, we learned that CSRF is an important part of web form security. We will now talk about this in detail. CSRF (cross-site request forgery) means that a third-party site can make a victim's browser send a request to our application, carrying the victim's session cookie, and so trigger a destructive action on the victim's behalf. We won't be discussing CSRF in detail here, since ample resources are available on the internet to learn about it. We will talk about how WTForms helps us to prevent CSRF. Flask does not provide any security against CSRF by default, as this has to be handled at the form-validation level, which is not a core feature of Flask as a framework. However, in this recipe, we will see how this can be done for us by using the Flask-WTF extension.
Information
More information about CSRF can be found at https://owasp.org/www-community/attacks/csrf.
How to do it...
Flask-WTF, by default, provides a form that is CSRF-protected. If we have a look at the recipes so far, we can see that...
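To make the mechanism concrete, here is an added example (not code from the book or from Flask-WTF itself) that models the synchronizer-token check a CSRF-protected form performs, using only the Python standard library. It assumes a server-side session dictionary and a submitted form dictionary; `SECRET_KEY` and the two request scenarios are constructed for the demonstration. Flask-WTF's real implementation signs a per-session secret with `itsdangerous` and also expires tokens, but the defensive idea is the same: the token is derived from a secret the browser on another origin can never read, so a forged cross-site POST cannot supply it.

```python
import hashlib
import hmac
import secrets

# Constructed demo key; a real Flask app would use app.config["SECRET_KEY"].
SECRET_KEY = b"constructed-demo-secret-key-do-not-reuse"


def generate_csrf_token(session: dict) -> str:
    """Return the CSRF token for this session, creating the session secret if needed.

    The token is an HMAC over a random per-session secret, so it is bound to
    the session and cannot be computed without the server key.
    """
    if "csrf_secret" not in session:
        session["csrf_secret"] = secrets.token_hex(32)
    return hmac.new(SECRET_KEY, session["csrf_secret"].encode(), hashlib.sha256).hexdigest()


def validate_csrf(session: dict, form: dict) -> bool:
    """Accept the POST only if the form carries the token that matches the session."""
    submitted = form.get("csrf_token")
    if not submitted or "csrf_secret" not in session:
        # Missing token or no session secret: reject, never silently create one here.
        return False
    expected = generate_csrf_token(session)
    # Constant-time comparison avoids leaking the token byte by byte via timing.
    return hmac.compare_digest(submitted, expected)


def legitimate_post() -> bool:
    """Constructed scenario: the user loaded our form (GET) and submitted it (POST)."""
    session = {"user_id": 42}                     # session behind the user's cookie
    rendered_token = generate_csrf_token(session)  # embedded in the form as a hidden field
    form = {"csrf_token": rendered_token, "action": "delete_account"}
    return validate_csrf(session, form)


def cross_site_post() -> bool:
    """Constructed scenario: a third-party page auto-submits a POST to our app.

    The browser still attaches the victim's cookie (so `session` is the victim's),
    but the attacker's page cannot read the hidden field on our origin, so the
    token is missing or guessed.
    """
    session = {"user_id": 42}
    generate_csrf_token(session)  # the victim did visit our site earlier
    forged_form = {"csrf_token": "0" * 64, "action": "delete_account"}
    return validate_csrf(session, forged_form)


def token_from_other_session_post() -> bool:
    """Constructed scenario: a valid token, but taken from a different session."""
    attacker_session = {"user_id": 7}
    attacker_token = generate_csrf_token(attacker_session)
    victim_session = {"user_id": 42}
    generate_csrf_token(victim_session)
    return validate_csrf(victim_session, {"csrf_token": attacker_token})


if __name__ == "__main__":
    print("legitimate POST accepted:", legitimate_post())
    print("cross-site POST accepted:", cross_site_post())
    print("other-session token accepted:", token_from_other_session_post())
```

The three scenarios show why the check works: only the request that originated from a page our server rendered for this session can carry the right token. The same reasoning is why the token must be per session (a token valid for one user must not validate another's request) and why the comparison is constant-time.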