Flask-WTF now uses WTF_CSRF_ENABLED and WTF_CSRF_SECRET_KEY.

Jon Stutters 2015-07-28 13:20:57 +01:00
parent 5bfa89db51
commit 58afb52038

@ -111,8 +111,8 @@ We'll create 4 modules, a user module (manage user's registration, login, lost p
THREADS_PER_PAGE = 8
CSRF_ENABLED = True
CSRF_SESSION_KEY = "somethingimpossibletoguess"
WTF_CSRF_ENABLED = True
WTF_CSRF_SECRET_KEY = "somethingimpossibletoguess"
RECAPTCHA_USE_SSL = False
RECAPTCHA_PUBLIC_KEY = '6LeYIbsSAAAAACRPIllxA7wvXjIE411PfdB2gt2J'
@ -126,7 +126,7 @@ We'll create 4 modules, a user module (manage user's registration, login, lost p
* `ADMINS` will be used if you need to email information to the site administrators.
* `SQLALCHEMY_DATABASE_URI` and `DATABASE_CONNECT_OPTIONS` are SQLAlchemy connection options (hard to guess)
* `THREADS_PER_PAGE` my understanding was 2/core... might be wrong :)
* `CSRF_ENABLED` and `CSRF_SESSION_KEY` are protecting against form post fraud
* `WTF_CSRF_ENABLED` and `WTF_CSRF_SECRET_KEY` are protecting against form post fraud
* `RECAPTCHA_*` WTForms comes with a `RecaptchaField` ready to use... just need to go to recaptcha website and get your public and private key.
## First module