-
Notifications
You must be signed in to change notification settings - Fork 310
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SESSION_COOKIE_SECURE = True Causing CSRF to always fail #76
Comments
Is your server https? |
When running with https, no problem. I guess it's a non-issue, although ideally it wouldn't have adverse affects when performing a CSRF check |
@owenmead This is a non-issue. It has nothing to do with Flask-WTF and Flask. I am closing it now. |
Yikes, I just spent a good week racking my brain on this. Adding the phrase below so that it helps anyone else searching for this issue, because I couldn't find it. Glad there was no issue.. (except me)
|
Whenever SESSION_COOKIE_SECURE is set to True, CSRF always fails.
Default setting for SESSION_COOKIE_SECURE is False.
The text was updated successfully, but these errors were encountered: