Black Lives Matter. Please consider donating to Black Girls Code today.

[Solved] CSRF and dash interactive apps

I’m attempting to create a dash-based app that reads in numerical data (gene expression data) from a REST endpoint and generates a plotly graph and I’m running into some issue related to flask_seasurf and CSRF. (Forbidden CSRF token missing or incorrect). Ideally I’d like to understand better how dash and flask are related, but in the short term I’d be happy to learn how to disable CSRF. I’ve tried passing “csrf_protect=False” to my app.run_server call but I get a TypeError (unexpected keyword argument)

dash.version = 0.17.7
dash_html_components.version = 0.6.2
dash_core_components.version = 0.5.1

Very excited about using Dash to build interactive gene expression analysis tools. Great work getting this together!


WARNING in flask_seasurf [/usr/software/conda3/4.4.0/lib/python3.6/site-packages/flask_seasurf.py:282]:
Forbidden (CSRF token missing or incorrect.): /_dash-update-component

172.17.0.1 - - [27/Jun/2017 07:05:59] “POST /_dash-update-component HTTP/1.1” 403 -
172.17.0.1 - - [27/Jun/2017 07:08:58] “GET / HTTP/1.1” 200 -
172.17.0.1 - - [27/Jun/2017 07:08:59] “GET /_dash-layout HTTP/1.1” 200 -
172.17.0.1 - - [27/Jun/2017 07:08:59] “GET /_dash-dependencies HTTP/1.1” 200 -
172.17.0.1 - - [27/Jun/2017 07:08:59] “GET /favicon.ico HTTP/1.1” 200 -
172.17.0.1 - - [27/Jun/2017 07:08:59] “GET /_dash-routes HTTP/1.1” 200 -

Oops, disregard this post. I was disabling csrf at the wrong point. The following call does work:

my_app = dash.Dash(csrf_protect=False)

1 Like