@ajford
Created May 29, 2012 21:23
Flask-WTF CSRF Demo for rduplain/flask-wtf/#32

from flask import Flask
from flask.ext.wtf import Form, TextField

# Hard-coded for this demo only.
SECRET_KEY = "asdfhjgfdsyuhgfcxdsrethgf"


class MyForm(Form):
    name = TextField('Name')


app = Flask(__name__)
app.config.from_object(__name__)


@app.route('/csrf')
def test():
    # CSRF left at its default: the hidden field carries a generated token.
    form = MyForm()
    print form.csrf_token
    return form.csrf_token()


@app.route('/disabled_csrf')
def test_2():
    # CSRF disabled: the csrf_token field still renders, with value="None".
    form = MyForm(csrf_enabled=False)
    print form.csrf_token
    return form.csrf_token()


if __name__ == "__main__":
    app.run()

ajford@host:pyscratch$ python app.py
* Running on http://127.0.0.1:5000/
<input id="csrf_token" name="csrf_token" type="hidden" value="20120529174914##5a0728fdd24cc949413547c7759a32ca6c16e5e5">
127.0.0.1 - - [29/May/2012 17:19:14] "GET /csrf HTTP/1.1" 200 -
127.0.0.1 - - [29/May/2012 17:19:14] "GET /favicon.ico HTTP/1.1" 404 -
<input id="csrf_token" name="csrf_token" type="hidden" value="None">
127.0.0.1 - - [29/May/2012 17:19:22] "GET /disabled_csrf HTTP/1.1" 200 -
127.0.0.1 - - [29/May/2012 17:19:22] "GET /favicon.ico HTTP/1.1" 404 -