Comments (17)
Is the same SECRET_KEY being used in instance/settings.py? Because that one is going to "win" vs the one in config/settings.py. If you recently switched the key, you would need to restart your server for it to take effect.
Is it a custom form you've added to the project? Is it being executed via ajax or a regular submission?
CSRF tokens get injected into all forms created with this macro due to L75:
https://github.com/nickjj/build-a-saas-app-with-flask/blob/master/catwatch/templates/macros/form.jinja2#L59
There's also this as well for ajax submissions:
https://github.com/nickjj/build-a-saas-app-with-flask/blob/master/catwatch/templates/layouts/base.jinja2#L12
You will need to adjust your ajax calls to use that meta tag like so:
https://github.com/nickjj/build-a-saas-app-with-flask/blob/master/catwatch/assets/scripts/stripe.js#L115
https://github.com/nickjj/build-a-saas-app-with-flask/blob/master/catwatch/assets/scripts/stripe.js#L80-L89
from build-a-saas-app-with-flask.
it's not ajax or custom
just the normal sign in or sign up > csrf token invalid or missing
from build-a-saas-app-with-flask.
Sounds like there might be something wrong in your production environment because it sounds like it's working in development?
from build-a-saas-app-with-flask.
yes it works in development!
but what can be wrong? only SECRET_KEY in settings/instance.py is different
should it be defined anywhere else?
from build-a-saas-app-with-flask.
csrf only depends on SECRET_KEY value, correct?
from build-a-saas-app-with-flask.
You might be using an old version of the secret_key and you're getting a mismatch. Try restarting Flask.
from build-a-saas-app-with-flask.
i do: sudo systemctl restart docker
still doesn't work, same csrf error
should SECRET_KEY only be in instance/settings.py?
from build-a-saas-app-with-flask.
It should be in both. config/settings.py will be used in development and instance/settings.py will be used in production or any environment where you'd want to protect sensitive data.
from build-a-saas-app-with-flask.
only SECRET_KEY affects CSRF, correct?
from build-a-saas-app-with-flask.
also does ssl certificate? because i didn't do that step yet, still unsecured
from build-a-saas-app-with-flask.
Flask-WTF mentions that it uses SECRET_KEY in their docs here: https://flask-wtf.readthedocs.org/en/v0.8.3/#configuring-flask-wtf
Lack of SSL wouldn't affect anything with CSRF warnings/errors.
from build-a-saas-app-with-flask.
unfortunately it doesn't work
SECRET_KEY is in instance/settings.py
CSRF error on all form login/signup/issue
any good idea?
from build-a-saas-app-with-flask.
I would need much more detail but it sounds like the code itself is working because it runs fine in development. There must be something in your deploy pipeline that's causing a mix up somewhere.
from build-a-saas-app-with-flask.
i can even see CSRF token in developer tools in browser from production server
correct, code working fine in development, only thing different i can think of in production is settings/instance.py
this (sorry for big post):
ANALYTICS_GOOGLE_UA = 'XXX'
SERVER_NAME = '46.XXX.XXX.XXX'
SECRET_KEY = 'complexpassword'
WTF_CSRF_ENABLED = True
DEBUG = False
LOG_LEVEL = 'INFO'
MAIL_USERNAME = '[email protected]'
MAIL_PASSWORD = 'thebestpasswordyouevermade'
db_uri = 'postgresql://catwatch:bestpassword@postgres:5432/catwatch'
SQLALCHEMY_DATABASE_URI = db_uri
SQLALCHEMY_POOL_SIZE = 25
CACHE_REDIS_URL = 'redis://redis:6379/0'
CELERY_BROKER_URL = 'redis://redis:6379/0'
CELERY_RESULT_BACKEND = 'redis://redis:6379/0'
CELERY_REDIS_MAX_CONNECTIONS = 25
APP_NAME = 'catwatch'
from build-a-saas-app-with-flask.
If it's slowing you down you could disable CSRF as a temporary workaround by adding WTF_CSRF_ENABLED = False in instance/settings.py.
If that stops the CSRF error then you'll be sure your settings file is being read by the app.
from build-a-saas-app-with-flask.
There's nothing wrong with that config. It's likely due to you changing your secret_key and either not copying a fresh version of this file to your server, or forgetting to restart flask.
Double check everything on your server.
from build-a-saas-app-with-flask.
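Added example, not part of the thread or the project's code: a simplified model of the stale-key mismatch described in the comment above, where a process that has not been restarted still signs tokens with the old SECRET_KEY. The HMAC token scheme and all function names are assumptions for illustration and are not Flask-WTF's implementation; the key values are constructed.

```python
import hashlib
import hmac
import secrets


def load_settings(config, instance):
    """Merge two settings layers; the instance layer is applied last and wins."""
    merged = dict(config)
    merged.update(instance)
    return merged


def key_fingerprint(secret_key):
    """Digest prefix for comparing keys across hosts without printing the key."""
    return hashlib.sha256(secret_key.encode()).hexdigest()[:12]


def _sign(secret_key, session_id, nonce):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(secret_key.encode(), msg, hashlib.sha256).hexdigest()


def issue_token(secret_key, session_id):
    """Token = random nonce plus an HMAC over session id and nonce."""
    nonce = secrets.token_hex(8)
    return f"{nonce}.{_sign(secret_key, session_id, nonce)}"


def validate_token(secret_key, session_id, token):
    """True only if the token was signed with this key for this session."""
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False  # malformed or missing token
    expected = _sign(secret_key, session_id, nonce)
    return hmac.compare_digest(mac.encode(), expected.encode())


def stale_key_scenario():
    """Constructed case: the form was rendered by a process holding the old key."""
    config = {"SECRET_KEY": "dev-key-constructed", "WTF_CSRF_ENABLED": True}
    old = load_settings(config, {"SECRET_KEY": "old-prod-key-constructed"})
    new = load_settings(config, {"SECRET_KEY": "new-prod-key-constructed"})
    token = issue_token(old["SECRET_KEY"], "session-1")
    return {
        "same_key_ok": validate_token(old["SECRET_KEY"], "session-1", token),
        "new_key_ok": validate_token(new["SECRET_KEY"], "session-1", token),
        "fingerprints_match": key_fingerprint(old["SECRET_KEY"])
        == key_fingerprint(new["SECRET_KEY"]),
    }
```

Comparing the fingerprint of the key the running app loaded with the fingerprint of the key in the deployed settings file shows whether a restart or a fresh copy of the file is still pending.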
Closing this as there's an entirely new code base.
from build-a-saas-app-with-flask.