[Solved] CSRF and dash interactive apps

I’m attempting to create a dash-based app that reads in numerical data (gene expression data) from a REST endpoint and generates a plotly graph and I’m running into some issue related to flask_seasurf and CSRF. (Forbidden CSRF token missing or incorrect). Ideally I’d like to understand better how dash and flask are related, but in the short term I’d be happy to learn how to disable CSRF. I’ve tried passing “csrf_protect=False” to my app.run_server call but I get a TypeError (unexpected keyword argument)

dash.version = 0.17.7
dash_html_components.version = 0.6.2
dash_core_components.version = 0.5.1

Very excited about using Dash to build interactive gene expression analysis tools. Great work getting this together!


WARNING in flask_seasurf [/usr/software/conda3/4.4.0/lib/python3.6/site-packages/flask_seasurf.py:282]:
Forbidden (CSRF token missing or incorrect.): /_dash-update-component

172.17.0.1 - - [27/Jun/2017 07:05:59] “POST /_dash-update-component HTTP/1.1” 403 -
172.17.0.1 - - [27/Jun/2017 07:08:58] “GET / HTTP/1.1” 200 -
172.17.0.1 - - [27/Jun/2017 07:08:59] “GET /_dash-layout HTTP/1.1” 200 -
172.17.0.1 - - [27/Jun/2017 07:08:59] “GET /_dash-dependencies HTTP/1.1” 200 -
172.17.0.1 - - [27/Jun/2017 07:08:59] “GET /favicon.ico HTTP/1.1” 200 -
172.17.0.1 - - [27/Jun/2017 07:08:59] “GET /_dash-routes HTTP/1.1” 200 -

Oops, disregard this post. I was disabling csrf at the wrong point. The following call does work:

my_app = dash.Dash(csrf_protect=False)

1 Like

how do you solve CRSF issue shown below? csrf_protect=False is no more in use

Forbidden (403)

CSRF verification failed. Request aborted.

You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.

If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for “same-origin” requests.

More information is available with DEBUG=True.