
I am trying to submit a simple HTML form to my Flask app on this POST route, but I am getting an unauthorized error because Flask/JWT (I am not sure) doesn't find it in cookies. It works fine with the GET request on the same route (it finds the access_token in cookies). What is the problem with cookies in a POST request? Thank you!

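from flask import render_template, request
from flask_jwt_extended import jwt_required

@app.route('/someRoute', methods=["GET", "POST"])
@jwt_required(locations=["cookies"])  # only look for the JWT in cookies
def someRoute():
    if request.method == "GET":
        return render_template("page.html")  # works fine
    elif request.method == "POST":
        pass  # there is the problem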
jestrabikr
  • What is the error you are getting? Is there any trace, or from where does the error occur? Also, how do you make requests in the front-end? Can you bring more clarity on the question? – Kris Mar 21 '22 at 06:41
  • The POST request is sent through a basic HTML form on submit. Then I check for the JWT token as shown above (@jwt_required()...) and this catches the exception (and redirects me to the error route) – jestrabikr Mar 21 '22 at 12:59

2 Answers


How do you send your POST request? You need to implicitly set withCredentials if you are sending the request from the browser.

For example:

axios.get(url, { withCredentials: true });
Zheng Bowen
  • This is a comment, not an answer. Please wait to have reputation on question comments, rather than posting them as answers. Thanks – Kris Mar 21 '22 at 06:39
  • The POST request is sent through a basic HTML form on submit. – jestrabikr Mar 21 '22 at 12:53
  • Maybe check if the request actually contains cookies in the browser. Cross-origin cookies are only allowed with the GET method or when sent through HTTPS – Zheng Bowen Mar 21 '22 at 14:13

What is the actual error that you are seeing? I suspect you aren’t sending the CSRF double submit token in the request, which is required for POST requests. See the docs here: https://flask-jwt-extended.readthedocs.io/en/stable/token_locations/#cookies

vimalloc