CSRF Extension Cheatsheet

Basic App:

from quart import Quart, render_template
from quart_wtf import CSRF

app = Quart(__name__)

# Bind the CSRF extension directly to the app (single-module layout).
# NOTE(review): CSRF tokens are signed, so the app also needs a SECRET_KEY
# configured before it serves requests — confirm against the quart_wtf docs.
csrf = CSRF(app)

# Continue setting up the app.

Large App:

yourapplication/app.py
from quart import Quart
from quart_wtf import CSRF

# Created without an app: the extension is bound later through init_app()
# inside create_app() (application-factory layout).
csrf = CSRF()

def create_app() -> Quart:
    """Application factory: build the Quart app and attach CSRF protection.

    Returns:
        The configured ``Quart`` instance.
    """
    application = Quart(__name__)

    # Bind the module-level extension to this particular app instance.
    csrf.init_app(application)

    # NOTE(review): CSRF tokens are signed, so SECRET_KEY should be set
    # before the app serves requests — confirm against the quart_wtf docs.
    # Other app registration here.

    return application

Custom Error Response:

from quart_wtf import CSRFError

@app.errorhandler(CSRFError)
async def handle_csrf_error(e):
    """Render a custom page when CSRF validation fails.

    Args:
        e: The ``CSRFError`` raised by the extension; ``e.description``
           holds the failure reason and is passed to the template.

    Returns:
        The rendered ``csrf_error.html`` body with HTTP status 400.
    """
    # render_template is imported from quart (see the basic-app imports).
    body = await render_template('csrf_error.html', reason=e.description)
    return body, 400

Exclude Views from Protection:

@app.route('/foo', methods=('GET', 'POST'))
@csrf.exempt
async def my_handler():
    """Example view that is excluded from CSRF protection.

    ``@csrf.exempt`` sits directly on the view, inside ``@app.route``, so
    requests to ``/foo`` (including POST) are not subject to the token check;
    reserve this for endpoints that are protected by some other means.
    """
    # ...
    response = 'ok'
    return response

You can also exempt every view of a blueprint at once:

# Exempting a whole blueprint turns off CSRF checking for every view it
# registers, so apply it deliberately rather than to silence token errors.
csrf.exempt(account_blueprint)