
How do you solve the error KeyError: 'A secret key is required to use CSRF.' when using a wtform in flask application?

I have been trying to build a web app using Flask and wtforms and a Firebase database, but I keep getting the error message "KeyError: 'A secret key is required to use CSRF.'" and I don't know how to solve it. Here is my code:

from flask import Flask, render_template, request
from firebase import firebase
from flask_wtf import FlaskForm
from flask_wtf.csrf import CSRFProtect, CSRFError
from wtforms import DateField, StringField, TextAreaField
from wtforms.validators import DataRequired
from wtforms_components import TimeField



app = Flask(__name__)

csrf = CSRFProtect(app)


firebase = firebase.FirebaseApplication("https://uhungry-f9563.firebaseio.com", None)

class myForm(FlaskForm):
        event = StringField("event", validators=[DataRequired()])
        location = StringField("location", validators=[DataRequired()])
        startDay = DateField("startDay", validators=[DataRequired()])
        startTime = TimeField("startTime", validators=[DataRequired()])
        endDay = DateField("endDay", validators=[DataRequired()])
        endTime = TimeField("endTime", validators=[DataRequired()])
        details = TextAreaField("details", validators=[DataRequired()])


count = 0

@app.route('/', methods=['GET' , 'POST'])
def home():
    form = myForm()
    if form.validate_on_submit():
        global count
        count += 1
        putData = {'Event': form.event.data, 'Location': form.location.data, 'startDay': form.startDay.data, 'startTime': form.startTime.data,'endDay': form.endDay.data, 'endTime': form.endTime.data, 'Details': form.details.data}
        firebase.put('/events', 'event' + str(count), putData)
        return render_template("trial.html")
    return render_template("home.html")

if __name__ == '__main__':
    app.run(debug=True)
versailles78 asked Dec 07 '17 03:12


People also ask

How do you use CSRF tokens in Flask?

To enable CSRF protection globally for a Flask app, register the CSRFProtect extension. CSRF protection requires a secret key to securely sign the token. By default this will use the Flask app's SECRET_KEY. If you'd like to use a separate token you can set WTF_CSRF_SECRET_KEY.

What is the secret key in Flask?

Each Flask web application contains a secret key which is used to sign session cookies for protection against cookie data tampering. It's very important that an attacker doesn't know the value of this secret key.


3 Answers

You are getting this error because you haven't set up a secret key. Without a secret key you can't use many features such as flash, flask-login and of course, as you have experienced, CSRF protection.

The easiest way to solve this would be to set up a secret key in your app config file, but unlike what the other answers have shown, it is strongly recommended to save all of your keys (especially keys to some paid APIs or services such as AWS) in a separate .env file that is not shared when the code is distributed. Luckily, for the secret key, you don't have to worry about the environment variables and you can just create a random secret key as follows:

import os
SECRET_KEY = os.urandom(32)
app.config['SECRET_KEY'] = SECRET_KEY
Ahmed Ramzi answered Oct 02 '22 15:10


You need to add a SECRET_KEY in the application configuration to take advantage of CSRF protection, and provide a WTF_CSRF_SECRET_KEY; otherwise your secret key will be used instead.

app.config.update(dict(
    SECRET_KEY="powerful secretkey",
    WTF_CSRF_SECRET_KEY="a csrf secret key"
))
Noxiz answered Oct 02 '22 13:10


Add this line to your app code:

app.config['SECRET_KEY'] = 'any secret string'
Sanket answered Oct 02 '22 13:10
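
An added example, not code from any of the answers above: it loads the secret key from the environment and fails closed on a missing or placeholder value, then uses a simplified HMAC token (a stand-in for a signed CSRF token, not Flask-WTF's actual implementation) to show that a key generated separately in each process rejects tokens issued by another worker or before a restart. The variable name APP_SECRET_KEY and all function names are assumptions.

```python
import hashlib
import hmac
import os
import secrets

# Placeholder strings from the answers above; none is acceptable as a real key.
WEAK_KEYS = {"any secret string", "powerful secretkey", "a csrf secret key"}
MIN_KEY_BYTES = 32


def load_secret_key(environ=os.environ, var="APP_SECRET_KEY"):
    """Read the key from the environment (hypothetical variable name); fail closed."""
    value = environ.get(var, "")
    if not value:
        raise RuntimeError(f"{var} is not set")
    if value.lower() in WEAK_KEYS or len(value.encode()) < MIN_KEY_BYTES:
        raise RuntimeError(f"{var} is a placeholder or under {MIN_KEY_BYTES} bytes")
    return value.encode()


def _tag(key, session_id, nonce):
    return hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()


def sign_token(key, session_id):
    """Simplified model of a signed CSRF token: random nonce plus HMAC-SHA256 tag."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_tag(key, session_id, nonce)}"


def verify_token(key, session_id, token):
    """Constant-time check that the token was issued under this key and session."""
    nonce, _, tag = token.partition(".")
    return hmac.compare_digest(tag.encode(), _tag(key, session_id, nonce).encode())


def demo():
    """Return (shared_key_ok, per_process_key_ok) for two simulated workers."""
    env = {"APP_SECRET_KEY": secrets.token_hex(32)}  # constructed sample value
    worker_a, worker_b = load_secret_key(env), load_secret_key(env)
    shared_ok = verify_token(worker_b, "s1", sign_token(worker_a, "s1"))
    # Each process calling os.urandom(32) at startup ends up with its own key.
    rand_a, rand_b = os.urandom(32), os.urandom(32)
    random_ok = verify_token(rand_b, "s1", sign_token(rand_a, "s1"))
    return shared_ok, random_ok


if __name__ == "__main__":
    print(demo())
```

In the Flask app from the question, the loaded value would be assigned once at startup with app.config['SECRET_KEY'] = load_secret_key(), so every worker signs with the same key.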