CSRF protection
Secure Scaffold uses the Flask-SeaSurf library to prevent CSRF attacks. See the Flask-SeaSurf documentation for details on how to use and configure the library in your Flask application.
For HTML forms (that use POST), make sure you include the CSRF token as a hidden field:
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
This form will succeed on submit because it includes the CSRF token.
By contrast, this form will fail on submit because it does not include the CSRF token.