400 (BAD REQUEST) when requesting /dash-update-component

I’ve just updated my Dash app to dash 1.0. Now, when I visit my dash app at http://localhost:5000/dash/trend, I now get this error:

POST http://localhost:5000/dash/trend/_dash-update-component 400 (BAD REQUEST)

When I go to http://localhost:5000/dash/trend/_dash-update-component in my browser, or cURL it, it just renders the same dash app as http://localhost:5000/dash/trend, so the problem seems to be that it’s treating this URL as an HTML endpoint instead of JSON.

My dash app is being used as part of a larger flask app, so I intialize it as:

app = MegaQcDash(routes_pathname_prefix='/dash/trend/', server=False)

And this subclass of Dash is defined as:

class MegaQcDash(dash.Dash):
    """
    Subclass of Dash, which renders a jinja template rather than using the default HTML template
    """
    def interpolate_index(self, **kwargs):
        t = render_template('dash.html', **kwargs)
        return t

Is this perhaps messing with the _dash-update-component URL?

Ah, some progress. So I’ve noticed these 400 errors go away if I turn flak debug mode on: export FLAG_DEBUG=1. And also the version of dash doesn’t seem to matter: 1.0 and pre 1.0 behave the same.

Did you ever resolve this error? I am having a similar issue where I receive a 400 error on POST /_dash-update-component

My dash application is also a part of a flask app.

Hello, I got the exact same problem recently and found that the problem was I was using CSRF flask extension, this makes all the post requests to require a csrf token by default (Flask requests don’t provide the token in it;s request’s and that’s what generates an 400 status code in the response). The solution is simple: Disable Flask csrf extension for the endpoint (or base_url) from where you dash app is running. CSRF Protection — Flask-WTF Documentation (0.15.x)

Update:

This one line of code solution worked for me, check it out python - CSRF Protection in a Flask Framework that uses Dash - Stack Overflow