# 1. session加密的时候已经配置过了.如果没有在配置项中设置,则如下:
app.secret_key = "#此处可以写随机字符串#"
# 2. 也可以写在配置类中。
class Config(object):
DEBUG = True
SECRET_KEY = "dsad32DASSLD*13%^32"
"""加载配置"""
app.config.from_object(Config)
from flask.ext.wtf import CSRFProtect
CSRFProtect(app)
<form method="post" action="/">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
</form>
from flask import Flask, render_template, request
from flask_wtf import CSRFProtect
app = Flask(__name__, template_folder='templates')
csrf = CSRFProtect(app)
app.config["SECRET_KEY"] = '223223qwq'
@app.route('/')
def index():
data = {}
return render_template('index5.html', **data)
@app.route('/login', methods=["POST"])
def login():
print(request.form)
# ImmutableMultiDict([('csrf_token', 'IjcwYWE0YjU3MmY5OWU4MzczNTM2MWJiNjc4NTQ0NjE4MTA2MzliMjAi.X7pChg.dH_NdAfCArZLJSPL8RMrJGc2Lqs'), ('username', ''), ('password', '')])
return 'ok'
if __name__ == '__main__':
app.run(debug=True)
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Document</title>
</head>
<body>
<form action="{{ url_for('login') }}" method="post">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" >
账号: <input type="text" name="username" value=""><br><br>
密码: <input type="password" name="password" value=""><br><br>
<input type="submit" value="登录">
</form>
</body>
</html>