Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

WTF_CSRF_EXEMPT_LIST doesn't work

See original GitHub issue

Hello I have last version of superset, and I need to add an exception for CSRF. I tried with

WTF_CSRF_EXEMPT_LIST = ['http://localhost:8088/login'],

but doesn’t work. Thanks for all.

Issue Analytics

State:
Created 5 years ago
Comments:6 (1 by maintainers)

Top GitHub Comments

1reaction

kevinflaherty1commented, Mar 25, 2020

Realized it was the directory path to the file that was needed so in my case I had a customer_security_manager.py file alongside my superset_config.py and WTF_CSRF_EXEMPT_LIST = ['custom_security_manager.login'] worked.

0reactions

kevinflaherty1commented, Mar 25, 2020

@brayan-arrieta any luck on this? Having the same issue.

Top Results From Across the Web

Flask-Restful POST fails due CSRF protection of Flask-WTF

It appears you cannot protect individual resources and exempt others; this is a limitation in the method used by Flask-Wtf's method of recording ......

Fix Missing CSRF Token Issues with Flask

Learn how to fix bad request / CSRF token missing errors with Flask that stem from bugs with webkit based browsers.

CSRF Protection — Flask-WTF Documentation (0.15.x)

To enable CSRF protection globally for a Flask app, register the CSRFProtect extension. ... CSRF protection requires a secret key to securely sign...

CSRF Protection in Flask

CSRF attacks can be prevented by using a CSRF token -- a random, unguessable string -- to validate the request origin. For unsafe...

csrf.exempt on a view in a Blueprint imported by app.py #256

If you have a view in a Blueprint, you cannot csrf-exempt it, because of circular imports OR RuntimeError: Working outside of application ......