Configuration¶
|
Set to |
|
When using the CSRF protection extension, this
controls whether every view is protected by default.
Default is |
|
Random data for generating secure tokens. If this is
not set then |
|
HTTP methods to protect from CSRF. Default is
|
|
Name of the form field and session key that holds the
CSRF token. Default is |
|
HTTP headers to search for CSRF token when it is not
provided in the form. Default is
|
|
Max age in seconds for CSRF tokens. Default is
|
|
Whether to enforce the same origin policy by checking
that the referrer matches the host. Only applies to
HTTPS requests. Default is |
|
Set to |
Recaptcha¶
|
required A public key. |
|
required A private key. https://www.google.com/recaptcha/admin |
|
optional A dict of configuration options. |
|
optional Override default HTML template for Recaptcha. |
|
optional A dict of |
Logging¶
CSRF errors are logged at the INFO
level to the flask_wtf.csrf
logger.
You still need to configure logging in your application in order to see these
messages.