Flask disable CSRF in unittest

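In my project's __init__.py I have this:

from flask import Flask
from flask_sqlalchemy import SQLAlchemy
from flask_wtf.csrf import CsrfProtect

app = Flask(__name__)
app.config.from_object('config')
CsrfProtect(app)  # CSRF protection is set up at import time
db = SQLAlchemy(app)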

My development config file looks like:

import os
basedir = os.path.abspath(os.path.dirname(__file__))

DEBUG = True
WTF_CSRF_ENABLED = True
SECRET_KEY = 'supersecretkey'
SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(basedir, 'project.db')
SQLALCHEMY_TRACK_MODIFICATIONS = False

And in my unittest setUp I have this:

import unittest

from project import app, db

class ExampleTest(unittest.TestCase):
    def setUp(self):
        app.config['TESTING'] = True
        app.config['WTF_CSRF_ENABLED'] = False  # set after CsrfProtect(app) has already run
        app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite://'
        self.app = app.test_client()
        db.create_all()

In theory, setting WTF_CSRF_ENABLED to False here should prevent CSRF for the unit tests, however I'm still getting CSRF errors if I do a POST while unit testing. I think it is because I have already called CsrfProtect(app) while WTF_CSRF_ENABLED is True (when I import app, it is called). If I set WTF_CSRF_ENABLED = False in the config file, it works as expected.

Is there any way I can disable CSRF after it has already been enabled? Or am I barking up the wrong tree here?

vimalloc asked Jul 27 '16 22:07



1 Answer

You can disable it using the config variable WTF_CSRF_ENABLED, for example:

class TestConfig(Config):
    TESTING = True
    WTF_CSRF_ENABLED = False
    ...

or app.config['WTF_CSRF_ENABLED'] = False

See also the Flask-WTF documentation.

Jorge Leitao answered Sep 21 '22 19:09