Skip to content
This repository has been archived by the owner on Oct 15, 2019. It is now read-only.

forms: Flask-WTF v0.14.2 doesn't remove csrf_token field from data #6

Open
slint opened this issue Apr 10, 2017 · 1 comment
Open

forms: Flask-WTF v0.14.2 doesn't remove csrf_token field from data #6

slint opened this issue Apr 10, 2017 · 1 comment
Labels
developers question

Comments

@slint
Copy link
Member

slint commented Apr 10, 2017

Problem

Flask-WTF v0.14.2 doesn't remove the csrf_token field from Form.data any more, making certain views that used to pass the form.data dictionary as **kwargs to the models' constructor (eg. in Community creation) to fail.

Possible Solutions

(open to suggestions)

  • data.pop("csrf_token") before such calls
  • PR to Flask-WTF to recover/control this behavior, possibly through config (I suspect we're not the only people expanding form.data in function calls)
  • Define forms using WTForms-Alchemy as already done in invenio_oauth2server.forms, and retrieve the data using form.populate_obj(c)
@slint
Copy link
Member Author

slint commented Jul 25, 2017
edited
Loading

Relevant: pallets-eco/flask-wtf#297

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
developers question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@slint