Python Forum

Full Version: The CSRF session token is missing.
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hi everyone!

I have the following error message: The CSRF session token is missing.

I have everything completed in the documentation for an Ajax post request with the following fetch request:

fetch("", {
method: 'POST',
headers: {
'Accept': 'application/json',
'X-CSRFToken': this.state.csrf,              
credentials: "include",
body: JSON.stringify({email: email, password: password}),          
I also have debugged this.state.csrf and it does have the string that was generated by another endpoint I created:

app.route("/secret", methods=["GET"])

def secret():

return render_template("csrf.payload")

csrf payload has: {{ csrf_token() }}
I think it may be two problems: maybe my flask app is requiring secure connection; or maybe my flask app is deleting my session data because of size of csrf token? This is after extensive googling.

Ofcourse my has

csrf = CSRFProtect()
Please help solve this error; I don't know why my session csrf token is missing :(