Disabling CSRF check by default doesn't work for forms

[james9909]

I noticed that setting WTF_CSRF_CHECK_DEFAULT doesn't won't work if the endpoint validates any FlaskForm. The CSRF token doesn't seem to be checked, but when I check the my logs, they say that The CSRF token is missing. Would it be possible to completely disable the CSRF check for forms if WTF_CSRF_CHECK_DEFAULT is set to false?

[greyli]

As the docs said, set WTF_CSRF_ENABLED to False to disable all CSRF protection.

[james9909]

Sorry, for not clarifying, but I want to conditionally enable CSRF for certain requests using the @app.before_request decorator. The docs only say to set WTF_CSRF_CHECK_DEFAULT to false.

[james9909]

For example, adding an empty form to tests/test_csrf_extension.py and requiring it to validate causes test_protect to fail. I'm not sure if this is intended, but this behavior isn't mentioned from the docs and is kind of unintuitive.

[greyli]

Provide a minimal application may be helpful.

[james9909]

https://gist.github.com/james9909/ab1fe43c8322edee444c003df16d835a

[greyli]

I already posted a comment under your gist 17 days ago. If you have no further question, please close this issue.

[james9909]

Sorry, I didn't get any notifications about your comment on the gist, but I added some more info.

[greyli]

Since the problem was solved, could you close this issue?