csrf攻击防范
#在 Flask 中, Flask-wtf 扩展有一套完善的 csrf 防护体系
from flask import Flask,render_template,request from flask_wtf import CSRFProtect app = Flask(__name__, template_folder="templates") csrf = CSRFProtect(app) """初始化csrf防范机制""" app.config["SECRET_KEY"] = "1234asda" @app.route("/") def index(): data = {} return render_template( "index7.html", **data ) @app.route("/login",methods=["POST"]) def login(): print(request.form) return "ok" if __name__ == '__main__': app.run(debug=True)
<!doctype html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Document</title> </head> <body> <form action="{{ url_for('login') }}" method="post"> <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" > #配置csrf_token 账号: <input type="text" name="username" value=""><br><br> 密码: <input type="password" name="password" value=""><br><br> <input type="submit" value="登录"> </form> </body> </html>