CSRF Protection in Flask

CSRF Protection in Flask

In this article, we'll look at what CSRF is and how to prevent a CSRF attack in Flask. It has nothing special that is used by experts around the world. All are answered in this article.

This article looks at how to prevent CSRF attacks in Flask. Along the way, we'll look at what CSRF is, an example of a CSRF attack, and how to protect against CSRF via Flask-WTF.

What is CSRF?

CSRF, which stands for Cross-Site Request Forgery, is an attack against a web application in which the attacker attempts to trick an authenticated user into performing a malicious action. Most CSRF attacks target web applications that use cookie-based auth since web browsers include all of the cookies associated with a particular domain with each request. So when a malicious request is made from the same browser, the attacker can easily make use of the stored cookies.

Such attacks are often achieved by tricking a user into clicking a button or submitting a form. For example, say your banking web app is vulnerable to CSRF attacks. An attacker could create a clone of your banking web site that contains the following form:

<form action="https://centralbank.com/api/account" method="POST">
  <input type="hidden" name="transaction" value="transfer">
  <input type="hidden" name="amount" value="100">
  <input type="hidden" name="account" value="999">
  <input type="submit" value="Check your statement now">
</form>

The attacker then sends you an email that appears to come from your bank -- cemtralbenk.com instead of centralbank.com -- indicating that your bank statement is ready to view. After clicking the link in the email, you're taken to the malicious web site with the form. You click the button to check your statement. The browser will then automatically send the authentication cookie along with the POST request. Since you're authenticated, the attacker will be able to perform any action that you're allowed to do. In this case, $100 is transferred from you account to account number 999.

Think of all the spam emails you receive daily. How many of them contain hidden CSRF attacks?

What is Geek Coin

What is GeekCash, Geek Token

Best Visual Studio Code Themes of 2021

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

Download a Flask template ready to plug in your business logic

Let’s assume after lots of hard work you have your machine learning model running the way it should. This model could be one which responds to a user’s request to classify a tweet sentiment or identify objects in an image or recommend a product or...

Python Flask-Mail Library to Send Emails in Browser Using Flask Full Project For Beginners

Python Flask-Mail Library to Send Emails in Browser Using Flask Full Project For Beginners #python #flask #flaskmail Welcome Folks My name is Gautam

Web development with python and flask: part 3

In this part, we will look at how the request/response cycles of the HTTP PROTOCOL are implemented in the flask framework. If you are still wondering about it then this article is for you. Let's explore it with us now.

Creating REST API with Python and Flask: Web development with Python and flask part 6

In this tutorial, we'll learn Creating REST API with Python and Flask: Web development with Python and flask part 6. Let's explore it with us now.

Python Flask - Introduction to Flask Templates

This is our second tutorial in Python Flask, in this tutorial we are going to have Introduction to Flask Templates, so for this Flask looks for the template