WTF_CSRF_ENABLED |
Set to False to disable all CSRF protection. |
|
When using the CSRF protection extension, this controls whether every view is protected by default. Default is |
|
Random data for generating secure tokens. If this is not set then |
|
HTTP methods to protect from CSRF. Default is |
|
Name of the form field and session key that holds the CSRF token. |
|
HTTP headers to search for CSRF token when it is not provided in the form. Default is |
|
Max age in seconds for CSRF tokens. Default is |
|
Whether to enforce the same origin policy by checking that the referrer matches the host. Only applies to HTTPS requests. Default is |
WTF_I18N_ENABLED |
Set to False to disable Flask-Babel I18N support. |
RECAPTCHA_PUBLIC_KEY |
required A public key. |
|
required A private key. https://www.google.com/recaptcha/admin |
RECAPTCHA_PARAMETERS |
optional A dict of configuration options. |
|
optional Override default HTML template for Recaptcha. |
|
optional A dict of |
CSRF errors are logged at the INFO
level to the flask_wtf.csrf
logger. You still need to configure logging in your application in order to see these messages.