CSRF Token handling unclear

Question

CSRF Token handling unclear

WolfgangFahl opened this issue 3 years ago · comments

To get CSRF Token handling as outline in https://flask-dropzone.readthedocs.io/en/latest/advanced.html
I tried:

   # enable CSRF protection
        self.app.config['DROPZONE_ENABLE_CSRF'] = True

<!--  https://github.com/greyli/flask-dropzone/issues/29 -->
<script type="text/javascript">
	Dropzone.options.myDropzone.headers = {"X-CSRF-Token": "{{ csrf_token() }}"}
</script>
	<h1>Upload Form</h1>
    {{ render_form(upload_form) }}
    {{ dropzone.create(action=url_for('test_upload')) }}
    {{ dropzone.config() }}

but still i get:

<title>400 Bad Request</title>

Bad Request

The CSRF token is missing.