SESSION_COOKIE_SECURE = True Causing CSRF to always fail #76

Closed
owenmead opened this issue Jul 18, 2013 · 4 comments

Comments

@owenmead

Whenever SESSION_COOKIE_SECURE is set to True, CSRF always fails.

Default setting for SESSION_COOKIE_SECURE is False.

@lepture
Contributor

lepture commented Jul 18, 2013

A secure cookie has the secure attribute enabled and is only used via HTTPS, ensuring that the cookie is always encrypted when transmitting from client to server. This makes the cookie less likely to be exposed to cookie theft via eavesdropping.

Is your server https?

@owenmead
Author

When running with https, no problem. I guess it's a non-issue, although ideally it wouldn't have adverse effects when performing a CSRF check.

@lepture
Contributor

lepture commented Jul 25, 2013

@owenmead This is a non-issue. It has nothing to do with Flask-WTF and Flask. I am closing it now.

@lepture lepture closed this as completed Jul 25, 2013
@groteworld
Contributor

Yikes, I just spent a good week racking my brain on this. Adding the phrase below so that it helps anyone else searching for this issue, because I couldn't find it. Glad there was no issue.. (except me)

{'csrf_token': ['CSRF token missing']}
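
The behaviour discussed in this thread, as an added example that is not code from any participant or from Flask/Flask-WTF: a session cookie marked `Secure` is not sent back over plain HTTP, so a session-backed CSRF check finds no token. The standard-library cookie jar stands in for the browser; the host name, session id, token and the simplified `validate_csrf` are assumptions.

```python
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request

# Constructed sample values: hypothetical host, session id and token.
HOST = "app.example.test"
SESSIONS = {"abc123": {"csrf_token": "tok-1"}}  # server-side session store


class FakeResponse:
    """Minimal response object carrying one Set-Cookie header."""

    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent_back(scheme, secure):
    """Return the Cookie header a client sends on the follow-up POST."""
    jar = CookieJar()
    flags = "; Secure" if secure else ""
    first = Request(f"{scheme}://{HOST}/form")
    jar.extract_cookies(FakeResponse(f"session=abc123; Path=/{flags}"), first)
    post = Request(f"{scheme}://{HOST}/form", data=b"csrf_token=tok-1")
    jar.add_cookie_header(post)  # applies the Secure rule per scheme
    return post.get_header("Cookie")


def validate_csrf(cookie_header, submitted_token):
    """Simplified session-backed CSRF check (an assumption, not Flask-WTF)."""
    sid = (cookie_header or "").partition("session=")[2]
    expected = SESSIONS.get(sid, {}).get("csrf_token")
    if expected is None:  # no session cookie arrived, so no stored token
        return {"csrf_token": ["CSRF token missing"]}
    if submitted_token != expected:
        return {"csrf_token": ["CSRF token mismatch"]}  # constructed message
    return {}


def submit(scheme, secure):
    return validate_csrf(cookie_sent_back(scheme, secure), "tok-1")


if __name__ == "__main__":
    for scheme, secure in [("http", False), ("http", True), ("https", True)]:
        print(scheme, "Secure" if secure else "no Secure", submit(scheme, secure))
```
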
