CSRF protection

Secure Scaffold uses the Flask-SeaSurf library to prevent CSRF attacks. See the Flask-SeaSurf documentation for details on how to use and configure the library in your Flask application.

For HTML forms that use POST, include the CSRF token as a hidden field:

<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">

This form will succeed on submit because it includes the CSRF token.

This form, by contrast, will fail on submit because it does not include the CSRF token.
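A simplified model of why one form succeeds and the other fails, as an added example that is not Secure Scaffold's or Flask-SeaSurf's own code. The templates and the `render`, `submit` and `check_post` helpers are hypothetical stand-ins; only the `_csrf_token` field name comes from the snippet above.

```python
import hmac
import secrets
from html.parser import HTMLParser

FIELD = "_csrf_token"  # hidden field name from the snippet above

# Constructed templates: one carries the hidden token field, one omits it.
WITH_TOKEN = ('<form method="post"><input name="comment" value="hi">'
              '<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}"></form>')
WITHOUT_TOKEN = '<form method="post"><input name="comment" value="hi"></form>'


class FormFields(HTMLParser):
    """Collect the name/value pairs a browser would submit for a form."""

    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and attrs.get("name"):
            self.fields[attrs["name"]] = attrs.get("value") or ""


def render(template, token):
    """Hypothetical stand-in for the template engine filling in {{ csrf_token() }}."""
    return template.replace("{{ csrf_token() }}", token)


def submit(html):
    """Parse rendered HTML and return the fields the POST body would carry."""
    parser = FormFields()
    parser.feed(html)
    return parser.fields


def check_post(expected_token, form):
    """Accept the POST only if the submitted token matches the one issued to this client."""
    sent = form.get(FIELD, "")
    # compare_digest avoids leaking the match position through timing.
    return bool(sent) and hmac.compare_digest(sent.encode(), expected_token.encode())


def demo():
    token = secrets.token_hex(32)  # per-client secret the server remembers
    forged = render(WITH_TOKEN, secrets.token_hex(32))  # another origin cannot read the real token
    return {
        "with_token": check_post(token, submit(render(WITH_TOKEN, token))),
        "without_token": check_post(token, submit(WITHOUT_TOKEN)),
        "wrong_token": check_post(token, submit(forged)),
    }
```

Calling `demo()` shows that only the form rendered with the client's own token passes the check; a missing field and a token issued to someone else are both rejected.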