csrf session token invalid

Question

csrf session token invalid

Closed this issue 2 years ago · 2 comments

On browsers with Block Third Party cookies and other cookie modifications, flask-wtf invalidates the session token much more frequently. This leads to an unusable app that keeps flagging the CSRF violation error.

Answer 1 · 2023-06-13T11:30:44.000Z

Temporarily DISABLED CSRF protection for the meantime. I will need to investigate this later as we are running in an inoperable state.

Answer 2 · 2023-06-21T06:52:19.000Z

Might be due to the fact multiple instances are being created of the application, and the secret_key is being mutated when it shouldn't.