Flask WTF cookie based CSRF

api.js

// npm i js-cookie --save
import axios from 'axios'
import Cookies from 'js-cookie'

const api = axios.create({
  headers: {
    'Content-Type': 'application/json',
    'X-CSRF-TOKEN': Cookies.get('csrf_token')
})

app.py

from flask import Flask, request
from flask_wtf import CSRFProtect, generate_csrf

app = Flask(__name__)
CSRFProtect(app)

@app.after_request
def inject_csrf_token(response):
    response.set_cookie('csrf_token', generate_csrf())
    return response