-
Notifications
You must be signed in to change notification settings - Fork 310
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Inconsistency with raising CSRFError #381
Labels
Comments
It doesn't make sense to raise an unhandled exception during validation. I suppose the docs could be clearer that the extension raises the error, not forms. PRs welcome. |
You can check out form.errors after validate_on_submit() returns false. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The Flask-WTF docs state:
However, this appears to only be true, if this optional code has been used:
When that code is not used, forms are created by subclassing
FlaskForm
, and CSRF validation fails, thenvalidate_on_submit
returns False instead of raisingCSRFError
.It seems that ideally you would always raise
CSRFError
for consistency, but if you don't want to do that, then it would be helpful to update the docs.The text was updated successfully, but these errors were encountered: