"CSRF token missing" when using curl with a Flask app

Question

I am trying to submit a form on a Flask app using curl. Unfortunately, I keep running into the "CSRF token missing" error.

I tried:

curl -X POST --form csrf_token=token --form data=@file.txt --form submit=submit {url} -v

I used a csrf_token from the app while I had it open in a browser. I also looked at https://flask-wtf.readthedocs.org/en/latest/csrf.html and tried to set X-CSRFToken in the header but still got the same error. Any suggestions for what is the correct way to use curl to feed the token to the flask app?

possible duplicate of http://stackoverflow.com/questions/10628275/how-to-use-curl-with-django-csrf-tokens-and-post-requests — pech0rin, Feb 05 '16 at 19:00

Andriy Ivaneyko · Answer 1 · 2016-02-05T07:27:42.830

3

The problem is that you just sending token and flask cannot get your session which lives in browser cookie. So if you wish to access your view via curl it's not enough to pass token value within POST request, you have to attach cookie to. You can write cookie to local file with command:

curl -c /path/to/cookiefile {url}

Then modify it and send POST request to your server with attached cookie and token:

curl -b /path/to/cookiefile -X POST --form csrf_token=token --form data=@file.txt --form submit=submit {url} -v

edited Feb 05 '16 at 07:27

answered Feb 04 '16 at 15:44

Andriy Ivaneyko

20,639
6
60
82

Tried that also, without success. – user3487187 Feb 05 '16 at 17:50

"CSRF token missing" when using curl with a Flask app

1 Answers1