0

Whenever i attempt to submit my form i receive the following error:

{'department': [u'Not a valid choice'], 'email': [u'This field is required.'], 'csrf_token': ['CSRF token missing'], 'name': [u'This field is required.'], 'address': [u'This field is required.']}

For now im just attempting to fix the CSRF_Token missing error message. But i have the csrf token tag in my template so i'm not understanding why this is happening...

<form enctype="multipart/form-data" action="/index" method="post" role="form"> <!-- how the data is obtained from the form (POST method) -->
    {{ form.csrf_token }}
    <div class="form-group">
      <label style="margin-top: 10px;" for="name">Name:</label>
      {{ form.name(class_="form-control") }} <!-- this creates the name form field -->
      <br>
      <label for="address">Address:</label>
      {{ form.address(class_="form-control", rows='5', cols='40') }} <!-- this creates the adress form field -->
      <br>
      <label for="email">E-mail Address:</label>
      {{ form.email(class_="form-control") }}
      <br>
      <label for="telephone">Phone Number: </label>
      {{ form.telephone(class_="form-control") }}
      <br>
      <label for="file_upload">Upload CV: </label>
      {{ form.file_upload(class_="form-control") }}
      <br>
      <label for="Department">Department:</label>
      {{ form.department(class_="form-control")}}
      <br>
      </select>
    </div>
<button name="submit" type="submit" class="btn btn-primary">Submit</button> </form> <!-- submit button -->

I also think my config is correct...

WTF_CSRF_ENABLED = True
SECRET_KEY = 'this-is-a-secret-key'

Am i missing something? Thanks for any help!

EDIT: As requested here is my config (sorry for the mess, beginner!)

from flask import Flask, render_template, session, flash, request, redirect,       url_for
from flask_wtf import Form
from flask_sqlalchemy import SQLAlchemy
from werkzeug.utils import secure_filename
from wtforms import TextField, TextAreaField, validators, StringField,    SubmitField, BooleanField, RadioField, SelectField, FileField, IntegerField
from .forms import ApplicationForm, DataRequired
import os
import re
import sqlite3
from flask_wtf.csrf import CsrfProtect


SECRET_KEY = 'you-will-never-guess'


#configuration
DEBUG = True
app = Flask('Application')
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///applicants.sqlite3'

app.config.from_object(__name__)
from app import views

CsrfProtect(app)
WTF_CSRF_ENABLED = True

DEBUG = True

UPLOAD_FOLDER = '/Uploads'
app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER
FILE_TYPES = set(['txt', 'doc', 'docx', 'odt', 'pdf', 'rtf', 'text', 'wks',   'wps', 'wpd'])

def application():
    form = ApplicationForm(request.form)
    return render_template('index.html','home.html', form=form)

db = SQLAlchemy(app)
class Applicants(db.Model):
    id = db.Column('applicant_id', db.Integer, primary_key = True)
    name = db.Column(db.String(100))
    address = db.Column(db.String(200))
    telephone = db.Column(db.String(15))
    email = db.Column(db.String(100))
    department = db.Column(db.String(30))
    file_upload = db.Column(db.Boolean)

def __init__(self, name, address, telephone, email, department, file_upload):
    self.name = name
    self.address = address
    self.telephone = telephone
    self.email = email
    self.department = department
    self.file_upload = file_upload

db.create_all() 

if __name__ == "Application":
    app.run()
  • Try `form.hidden_tag` over form.csrf? http://stackoverflow.com/a/21501593 – Erik Nov 28 '16 at 16:55
  • Can you show your config object? and how you pass it to your app? – ettanany Nov 28 '16 at 16:55
  • @Erik tried that, didn't do anything different as hidden_tag and csrf_token do the same/similar thing I believe. –  Nov 28 '16 at 16:57
  • @ettanany I've edited my post to include my config –  Nov 28 '16 at 17:03
  • Like @richard0096 mentioned, just change `{{ form.csrf_token }}` with `{{ form.hidden_tag() }}` and let me know if it works for you. – ettanany Nov 28 '16 at 17:15
  • I am richard0096! also unfortunately this fix did not work. –  Nov 29 '16 at 10:46

1 Answers1

1

I think you need to clean up your configuration a bit, try to replace everything below your imports and above the def application(): line with this:

app = Flask(__name__)
CsrfProtect(app)
app.config.update(
    DEBUG = True,
    WTF_CSRF_ENABLED = True,
    SECRET_KEY = 'you-will-never-guess',
    UPLOAD_FOLDER = '/Uploads',
    SQLALCHEMY_DATABASE_URI = 'sqlite:///applicants.sqlite3',
    FILE_TYPES = ['txt', 'doc', 'docx', 'odt', 'pdf', 'rtf', 'text', 'wks', 'wps', 'wpd']
)
from app import views

the DEBUG and SECRET_KEY setting look like they may not have been properly set, which is why the CSRF error was coming up.

abigperson
  • 5,252
  • 3
  • 22
  • 25
  • I've Incorporated this fix, however the issue still seems to occur. However i only get the token is missing error when the form has been filled in and submitted. if the form is left empty and submitted then the error does not occur. Not sure why this is happening, but thanks a lot for helping me clean up my code! –  Nov 29 '16 at 10:41