# Flask SeaSurf *** **1. Basic Usage** ```python from flask import Flask, request from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) @csrf.exempt @app.route('/', methods=["GET", "POST"]) def index(): if request.method == "POST": csrf.validate() return 'OK' ``` **2. Custom CSRF Token Name** ```python from flask import Flask, request from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app, csrf_name='my_csrf_token') @csrf.exempt @app.route('/', methods=["GET", "POST"]) def index(): if request.method == "POST": csrf.validate() return 'OK' ``` **3. Custom CSRF Token Cookie Name** ```python from flask import Flask, request from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app, csrf_cookie_name='my_csrf_cookie') @csrf.exempt @app.route('/', methods=["GET", "POST"]) def index(): if request.method == "POST": csrf.validate() return 'OK' ``` **4. Custom CSRF Token Expiration Time** ```python from flask import Flask, request from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app, csrf_token_expires=300) @csrf.exempt @app.route('/', methods=["GET", "POST"]) def index(): if request.method == "POST": csrf.validate() return 'OK' ``` **5. Custom CSRF Token Size** ```python from flask import Flask, request from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app, csrf_token_size=32) @csrf.exempt @app.route('/', methods=["GET", "POST"]) def index(): if request.method == "POST": csrf.validate() return 'OK' ``` **6. Custom CSRF Salt** ```python from flask import Flask, request from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app, csrf_secret_key='my_secret_key') @csrf.exempt @app.route('/', methods=["GET", "POST"]) def index(): if request.method == "POST": csrf.validate() return 'OK' ``` **7. Custom CSRF Token Generator** ```python from flask import Flask, request from flask_seasurf import SeaSurf def custom_generator(): return 'my_custom_token' app = Flask(__name__) csrf = SeaSurf(app, csrf_token_generator=custom_generator) @csrf.exempt @app.route('/', methods=["GET", "POST"]) def index(): if request.method == "POST": csrf.validate() return 'OK' ``` **8. Custom CSRF Token Validator** ```python from flask import Flask, request from flask_seasurf import SeaSurf def custom_validator(csrf_token, scheme): return True app = Flask(__name__) csrf = SeaSurf(app, csrf_token_validator=custom_validator) @csrf.exempt @app.route('/', methods=["GET", "POST"]) def index(): if request.method == "POST": csrf.validate() return 'OK' ``` **9. Custom CSRF Token Header Name** ```python from flask import Flask, request from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app, csrf_token_header='X-My-CSRF-Token') @csrf.exempt @app.route('/', methods=["GET", "POST"]) def index(): if request.method == "POST": csrf.validate() return 'OK' ``` **10. Disabled CSRF Protection for Specific Routes** ```python from flask import Flask, request from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) @app.route('/login', methods=["GET", "POST"]) def login(): return 'OK' # No CSRF protection for this route ``` **11. Disabled CSRF Protection for Specific HTTP Methods** ```python from flask import Flask, request from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) @csrf.exempt(methods=['OPTIONS']) @app.route('/', methods=["GET", "POST"]) def index(): return 'OK' # No CSRF protection for OPTIONS method ``` **12. Disabled CSRF Protection for Specific Endpoints** ```python from flask import Flask, request, jsonify from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) @csrf.exempt(endpoint='my_endpoint') @app.route('/my-endpoint', methods=["GET", "POST"]) def my_endpoint(): return jsonify({}) # No CSRF protection for this endpoint ``` **13. Disabled CSRF Protection for Entire Blueprint** ```python from flask import Blueprint, request from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) bp = Blueprint('my_blueprint', __name__) @csrf.exempt(endpoint='my_blueprint.my_endpoint') @bp.route('/my-endpoint', methods=["GET", "POST"]) def my_endpoint(): return 'OK' # No CSRF protection for this blueprint app.register_blueprint(bp) ``` **14. Extract CSRF Token** ```python from flask import Flask from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) @app.route('/') def index(): csrf.generate_unique_token() csrf_token = csrf.get_token() return csrf_token ``` **15. Generate Unique CSRF Token** ```python from flask import Flask from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) @app.route('/') def index(): csrf.generate_unique_token() csrf_token = csrf.token return csrf_token ``` **16. Check CSRF Token Validity** ```python from flask import Flask, request from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) @app.route('/', methods=["POST"]) def index(): if csrf.validate_token(request.form.get('csrf_token')): return 'OK' else: return 'Invalid CSRF token' ``` **17. Disable CSRF Protection** ```python from flask import Flask from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) csrf.disable() @app.route('/', methods=["POST"]) def index(): return 'OK' # CSRF protection is disabled ``` **18. Dynamically Generate CSRF Token** ```python from flask import Flask, request from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) @app.route('/') def index(): if request.method == 'GET': csrf.generate_unique_token() csrf_token = csrf.get_token() return csrf_token ``` **19. Use CSRF Token in Header** ```python from flask import Flask, request from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) @csrf.exempt @app.route('/', methods=["POST"]) def index(): csrf_token = request.headers.get('X-CSRF-Token') csrf.validate_token(csrf_token) return 'OK' ``` **20. Use CSRF Token in Form** ```python from flask import Flask, request from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) @csrf.exempt @app.route('/', methods=["POST"]) def index(): csrf_token = request.form.get('csrf_token') csrf.validate_token(csrf_token) return 'OK' ``` **21. Use CSRF Token in Cookie** ```python from flask import Flask, request from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) @csrf.exempt @app.route('/', methods=["POST"]) def index(): csrf_token = request.cookies.get('csrf_token') csrf.validate_token(csrf_token) return 'OK' ``` **22. Disable CSRF Protection for Specific Domains** ```python from flask import Flask from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) @app.route('/', host='example.com') def index(): csrf.disable() return 'OK' # CSRF protection is disabled for example.com ``` **23. Disable CSRF Protection for Specific Methods** ```python from flask import Flask from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) @csrf.exempt(methods=['GET']) @app.route('/', methods=["POST", "GET"]) def index(): return 'OK' # CSRF protection is disabled for GET requests ``` **24. Ignore CSRF Protection for Static Files** ```python from flask import Flask from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) app.config['SEND_FILE_MAX_AGE_DEFAULT'] = 0 csrf.exempt_static_files = True @app.route('/') def index(): return 'OK' # CSRF protection is disabled for static files ``` **25. Use Custom CSRF Protection Scheme** ```python from flask import Flask from flask_seasurf import SeaSurf class CustomScheme(SeaSurf): def generate_token(self, **kwargs): pass def validate_token(self, token, **kwargs): pass app = Flask(__name__) csrf = CustomScheme(app) ``` **26. Use Flask-Login with CSRF Protection** ```python from flask import Flask, request, login_required from flask_login import LoginManager, UserMixin, login_user from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) login_manager = LoginManager() login_manager.init_app(app) class User(UserMixin): pass @login_manager.user_loader def load_user(user_id): return User() @app.route('/login', methods=["POST"]) def login(): if csrf.validate_token(request.form.get('csrf_token')): user = User() login_user(user) return 'OK' else: return 'Invalid CSRF token' @app.route('/protected') @login_required def protected(): return 'OK' # CSRF protection is enforced for logged-in users ``` **27. Use with Flask-RESTful** ```python from flask import Flask from flask_restful import Resource, Api from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) api = Api(app) class MyResource(Resource): def post(self): if csrf.validate_token(request.get_json()['csrf_token']): return 'OK' else: return 'Invalid CSRF token' api.add_resource(MyResource, '/my-resource') ``` **28. Use with Flask-SocketIO** ```python from flask import Flask, request from flask_socketio import SocketIO, emit from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) socketio = SocketIO(app) @app.route('/', methods=["GET", "POST"]) def index(): if request.method == 'POST': if csrf.validate_token(request.form.get('csrf_token')): emit('my_event', {'data': 'OK'}) else: emit('my_event', {'data': 'Invalid CSRF token'}) ``` **29. Use with Flask-WTF** ```python from flask import Flask, render_template, request from flask_wtf import FlaskForm from flask_seasurf import SeaSurf from wtforms import StringField app = Flask(__name__) csrf = SeaSurf(app) class MyForm(FlaskForm): username = StringField('Username') password = StringField('Password') @app.route('/', methods=["GET", "POST"]) def index(): form = MyForm() if form.validate_on_submit() and csrf.validate_token(form.csrf_token.data): username = form.username.data password = form.password.data # Do something with the form data return render_template('index.html', form=form) ``` **30. Custom Error Handling** ```python from flask import Flask from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) @app.errorhandler(400) def handle_bad_request(error): return 'Bad request: ' + error.description, 400 @app.route('/', methods=["POST"]) def index(): csrf.validate() return 'OK' ``` **31. Use with Flask-Caching** ```python from flask import Flask from flask_cache import Cache from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) cache = Cache(app) @app.route('/', methods=["GET", "POST"]) @cache.cached(timeout=300) def index(): if request.method == 'POST': if csrf.validate_token(request.form.get('csrf_token')): return 'OK' else: return 'Invalid CSRF token' return 'OK' ``` **32. Use with Flask-Babel** ```python from flask import Flask, gettext from flask_babel import Babel from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) babel = Babel(app) @babel.localeselector def get_locale(): return request.accept_languages.best_match(app.config['LANGUAGES']) @app.route('/') def index(): csrf.generate_unique_token() csrf_token = csrf.get_token() return gettext('OK') + ' ' + csrf_token ``` **33. Customize CSRF Token Name and Header** ```python from flask import Flask from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app, csrf_name='my_token', csrf_header='X-My-Token') ``` **34. Disable CSRF Token for Specific Blueprint** ```python from flask import Blueprint from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) bp = Blueprint('my_blueprint', __name__) csrf.exempt(bp) ``` **35. Generate CSRF Token for AJAX Requests** ```python from flask import Flask, request from flask_seasurf import SeaSurf app = Flask(__name__) csrf = SeaSurf(app) @app.route('/') def index(): if request.method == 'GET': csrf.generate_unique_token() csrf_token = csrf.get_token() return csrf_token ``` **36. Customized CSRF Token Generation** ```python from flask import Flask, request from flask_seasurf import SeaSurf def custom_generate_token(app): return 'my_custom_token' app = Flask(__name__) csrf = SeaSurf(app, csrf_token_generator=custom_generate_token) ```