CSRF protection in Dash

danM · January 13, 2023, 5:03pm

Hi, I’m wondering how to implement CSRF protection in my Dash app. I’m currently using flask_wtf.csrf to initialize the flask server that my app is built on top of. However, my pages do not load and I get the error that I am missing the csrf protection token.

How can I ensure that my Dash app is protected against CSRF?

jinnyzor · January 13, 2023, 8:38pm

Hello @danM,

Welcome to the community!

Since you are using flask-wtf, check out here of how you can have the requests automatically come through:

https://flask-wtf.readthedocs.io/en/0.15.x/csrf/

Pay attention to the jquery part of it, as this would allow the site to work. My guess is that the easiest way to do this would be to adjust the overall template.

Emil · February 2, 2023, 7:50am

@danM did you get it working? @jinnyzor are you suggesting to modify the Dash template, or what template are you referring to?

EDIT: Reading this issue, it seems CSRF is a non-issue in a Dash context,

jinnyzor · February 2, 2023, 9:21am

I was recommending it, since he was using the add on of flask-wtf.

I haven’t looked much further into it since then.

Topic		Replies	Views
What is the Current Way to Disable CSRF? (my_app = dash.Dash(csrf_protect=False)) Dash Python question	0	512	July 19, 2022
CSRF Prevention Dash Python	1	1733	January 8, 2019
[Solved] CSRF and dash interactive apps Dash Python	2	3435	November 30, 2023
Dash callbacks not working, if dash app is created and called from flask Dash Python	3	1355	July 31, 2018
TypeError: Dash() got an unexpected keyword argument 'csrf_protect' Dash Python	3	3819	April 3, 2020

CSRF protection in Dash

Related topics