How do you solve the error KeyError: 'A secret key is required to use CSRF.' when using a wtform in flask application?

天大地大妈咪最大 提交于 2021-01-20 17:48:26

问题


I have been trying to build a web app using flask and wtforms and a firebase database, but I keep getting the error message "KeyError: 'A secret key is required to use CSRF.'" and I don't know how to solve it. here is my code:

from flask import Flask, render_template, request
from firebase import firebase
from flask_wtf import FlaskForm
from flask_wtf.csrf import CSRFProtect, CSRFError
from wtforms import DateField, StringField, TextAreaField
from wtforms.validators import DataRequired
from wtforms_components import TimeField



app = Flask(__name__)

csrf = CSRFProtect(app)


firebase = firebase.FirebaseApplication("https://uhungry-f9563.firebaseio.com", None)

class myForm(FlaskForm):
        event = StringField("event", validators=[DataRequired()])
        location = StringField("location", validators=[DataRequired()])
        startDay = DateField("startDay", validators=[DataRequired()])
        startTime = TimeField("startTime", validators=[DataRequired()])
        endDay = DateField("endDay", validators=[DataRequired()])
        endTime = TimeField("endTime", validators=[DataRequired()])
        details = TextAreaField("details", validators=[DataRequired()])


count = 0

@app.route('/', methods=['GET' , 'POST'])
def home():
    form = myForm()
    if form.validate_on_submit():
        global count
        count += 1
        putData = {'Event': form.event.data, 'Location': form.location.data, 'startDay': form.startDay.data, 'startTime': form.startTime.data,'endDay': form.endDay.data, 'endTime': form.endTime.data, 'Details': form.details.data}
        firebase.put('/events', 'event' + str(count), putData)
        return render_template("trial.html")
    return render_template("home.html")

if __name__ == '__main__':
    app.run(debug=True)

回答1:


You are getting this error because you haven't set up a secret key. Without a secret key you can't use many features such as flash, flask-login and of course, as you have experienced, CSRF protection.

The easiest way to solve this would be to set up a secret key in your app config file but unlike what the other answers have shown, it is strongly recommended to save all of your Keys (especially keys to some paid APIs or services such as AWS) in a separate .env file that is not shared when the code is distributed. Luckily, for the secret key, you don't have to worry about the environment variables and you can just create a random secret key as follows:

import os
SECRET_KEY = os.urandom(32)
app.config['SECRET_KEY'] = SECRET_KEY



回答2:


you need to add a SECRET_KEY in the application configuration to take advantage of csrf protection and provide a WRF CSRF SECRET_KEY otherwise your secret key will be used instead

app.config.update(dict(
    SECRET_KEY="powerful secretkey",
    WTF_CSRF_SECRET_KEY="a csrf secret key"
))



回答3:


Add this line to your app code:

app.config['SECRET_KEY'] = 'any secret string'


来源:https://stackoverflow.com/questions/47687307/how-do-you-solve-the-error-keyerror-a-secret-key-is-required-to-use-csrf-whe

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!