#在 Flask 中, Flask-wtf 扩展有一套完善的 csrf 防护体系
from flask import Flask,render_template,request
from flask_wtf import CSRFProtect
app = Flask(__name__, template_folder="templates")
csrf = CSRFProtect(app) """初始化csrf防范机制"""
app.config["SECRET_KEY"] = "1234asda"
@app.route("/")
def index():
data = {}
return render_template( "index7.html", **data )
@app.route("/login",methods=["POST"])
def login():
print(request.form)
return "ok"
if __name__ == '__main__':
app.run(debug=True)
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Document</title>
</head>
<body>
<form action="{{ url_for('login') }}" method="post">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" > #配置csrf_token
账号: <input type="text" name="username" value=""><br><br>
密码: <input type="password" name="password" value=""><br><br>
<input type="submit" value="登录">
</form>
</body>
</html>