使用流程:
1.安装扩展包
pip install flask-wtf
2.导入包
from flask_wtf import CSRFProtect
3.创建CSRFProtect对象,保护app对象
4.设置SECRET_KEY,用于对csrf_token进行签名(是签名而非加密);实际使用时密钥应随机生成并妥善保密
5.在表单中添加名为csrf_token的隐藏字段即可
例子:
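# Minimal Flask registration form protected by Flask-WTF's CSRFProtect.
import os
import secrets

from flask import Flask, render_template, request
from flask_wtf import CSRFProtect

app = Flask(__name__)

# SECRET_KEY is what the CSRF token is signed with, so it must be
# unpredictable and must not live in source control. Read it from the
# environment; the random fallback only keeps this demo runnable: tokens
# issued before a restart stop validating, and separate worker processes
# would each get a different key.
app.config["SECRET_KEY"] = os.environ.get("SECRET_KEY") or secrets.token_hex(32)

# Enable CSRF protection for the whole app. Flask-WTF checks the csrf_token
# submitted with state-changing requests such as POST before the view runs
# and rejects the request when the token is missing or invalid.
CSRFProtect(app)


@app.route('/', methods=['GET', 'POST'])
def hello_world():
    """Serve the registration form and validate a submitted one.

    GET renders ``file02.html``. POST reads ``username``, ``password`` and
    ``repassword`` from the form body and returns a plain-text message:
    an error when any field is empty or the two passwords differ, a success
    message otherwise. Nothing is stored; this view only demonstrates the
    CSRF-protected form round trip.
    """
    if request.method == "GET":
        return render_template('file02.html')
    elif request.method == "POST":
        username = request.form.get("username")
        password = request.form.get("password")
        repassword = request.form.get("repassword")

        # Every field is required; a missing key and an empty string are both falsy.
        if not all([username, password, repassword]):
            return "参数填写不全"

        # The confirmation must match the password exactly.
        if password != repassword:
            return "两次密码输入不一致"

        return "恭喜你~注册成功!"

    # Any other method that reaches the view (e.g. the HEAD Flask adds for
    # GET routes) gets the form page.
    return render_template("file02.html")


if __name__ == '__main__':
    app.run()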
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
{# Registration form; the empty action posts back to the URL that served this page. #}
<form action="" method="post">
    {# Hidden csrf_token field: csrf_token() is provided to templates by
       Flask-WTF's CSRFProtect, and the value is checked on submission.
       Without this field the POST is rejected. #}
    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
    用户名:<input type="text" name="username"><br>
    密码:<input type="password" name="password"><br>
    确认密码:<input type="password" name="repassword"><br>
    <input type="submit" value="注册">
</form>
</body>
</html>