1

I have an application with a ready UI and I want to add login/logout/register/restore features with Flask-Security. Before, I worked with the default behavior: when the user clicked "forgot password" he was redirected to a specific endpoint.

Now I want to have the forgot password form on the same page (just in a different panel which shows when the user clicks the corresponding link).

I faced an issue: I cannot just add the same form with the same endpoint because Flask-Security wants a CSRF token. I think that I can somehow render its form on the page and adjust the styles, but I do not know how.

I do not want to turn off the CSRF check unless I definitely know that there are no other ways.

Alex G.P.

1 Answer

1

Since you are generating the form dynamically, I will assume that you are using AJAX; the documentation speaks about it.

You have to enable the CSRF module with

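```python
# Older Flask-WTF releases exported this class as CsrfProtect;
# current releases export it as CSRFProtect.
from flask_wtf.csrf import CSRFProtect

# `app` is your existing Flask application object.
CSRFProtect(app)
```

You will have access to csrf_token() on every page, and you can get it with:

```html
<meta name="csrf-token" content="{{ csrf_token() }}">
```

```javascript
// Read the token that the template rendered into the <meta> tag.
var csrftoken = $('meta[name=csrf-token]').attr('content');

// Attach the token to every same-origin, state-changing AJAX request.
$.ajaxSetup({
    beforeSend: function(xhr, settings) {
        if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
            xhr.setRequestHeader("X-CSRFToken", csrftoken);
        }
    }
});
```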
Filipe Amaral