42

I have been trying to build a web app using flask and wtforms and a firebase database, but I keep getting the error message "KeyError: 'A secret key is required to use CSRF.'" and I don't know how to solve it. here is my code:

from flask import Flask, render_template, request
from firebase import firebase
from flask_wtf import FlaskForm
from flask_wtf.csrf import CSRFProtect, CSRFError
from wtforms import DateField, StringField, TextAreaField
from wtforms.validators import DataRequired
from wtforms_components import TimeField



app = Flask(__name__)

csrf = CSRFProtect(app)


firebase = firebase.FirebaseApplication("https://uhungry-f9563.firebaseio.com", None)

class myForm(FlaskForm):
        event = StringField("event", validators=[DataRequired()])
        location = StringField("location", validators=[DataRequired()])
        startDay = DateField("startDay", validators=[DataRequired()])
        startTime = TimeField("startTime", validators=[DataRequired()])
        endDay = DateField("endDay", validators=[DataRequired()])
        endTime = TimeField("endTime", validators=[DataRequired()])
        details = TextAreaField("details", validators=[DataRequired()])


count = 0

@app.route('/', methods=['GET' , 'POST'])
def home():
    form = myForm()
    if form.validate_on_submit():
        global count
        count += 1
        putData = {'Event': form.event.data, 'Location': form.location.data, 'startDay': form.startDay.data, 'startTime': form.startTime.data,'endDay': form.endDay.data, 'endTime': form.endTime.data, 'Details': form.details.data}
        firebase.put('/events', 'event' + str(count), putData)
        return render_template("trial.html")
    return render_template("home.html")

if __name__ == '__main__':
    app.run(debug=True)
versailles78
  • 421
  • 1
  • 4
  • 4

4 Answers4

60

You are getting this error because you haven't set up a secret key. Without a secret key you can't use many features such as flash, flask-login and of course, as you have experienced, CSRF protection.

The easiest way to solve this would be to set up a secret key in your app config file but unlike what the other answers have shown, it is strongly recommended to save all of your Keys (especially keys to some paid APIs or services such as AWS) in a separate .env file that is not shared when the code is distributed. Luckily, for the secret key, you don't have to worry about the environment variables and you can just create a random secret key as follows:

import os
SECRET_KEY = os.urandom(32)
app.config['SECRET_KEY'] = SECRET_KEY
Ahmed Ramzi
  • 838
  • 6
  • 7
11

you need to add a SECRET_KEY in the application configuration to take advantage of csrf protection and provide a WRF CSRF SECRET_KEY otherwise your secret key will be used instead

app.config.update(dict(
    SECRET_KEY="powerful secretkey",
    WTF_CSRF_SECRET_KEY="a csrf secret key"
))
Noxiz
  • 279
  • 1
  • 8
8

Add this line to your app code:

app.config['SECRET_KEY'] = 'any secret string'
Rence
  • 2,900
  • 2
  • 23
  • 40
Sanket
  • 151
  • 2
  • 2
  • 2
    In my case (`Python 3.8.1`, `ArchLinux`, `flask 1.1.1`, debug mode) I had to add the command just right after the `app = Flask(__name__)` to make it work. Example app with this error is there: https://pastebin.com/fPeE9J2G (I inserted the cmd into line 32). If I would move it to the line 8, everything works. – dmitry_romanov Mar 09 '20 at 09:15
0

I fixed the problem by adding SECRET_KEY = 'mysecret' in the config.py

file and then made sure to add the config when I call create_app() like that

env = os.environ.get('FLASK_ENV', 'dev')

app = create_app('app.config.%sConfig' % env.capitalize())
Miguel Conde
  • 813
  • 10
  • 22
pieljo
  • 1
  • 1