<p>您没有在HTML表单中插入CSRF字段。</p>
<pre><code><form method=post>
{{ form.csrf_token }}
{{ form.name }}
<input type=submit>
</form>
</code></pre>
<p>将<code>form.csrf_token</code>添加到模板(<a href="http://flask-wtf.readthedocs.io/en/latest/quickstart.html#creating-forms" rel="noreferrer">docs</a>)后,表单将按预期进行验证。</p>
<p>验证表单后添加<code>print(form.errors)</code>以查看引发的错误。<code>errors</code>将在验证前为空。在这种情况下,有一个关于丢失的错误</p>
<pre><code>@book.route('/book/new_no_csrf', methods=['GET', 'POST'])
def customers_new_no_csrf():
form = BookNewForm()
print(form.errors)
if form.is_submitted():
print "submitted"
if form.validate():
print "valid"
print(form.errors)
if form.validate_on_submit():
flash("Successfully created a new book")
return redirect(url_for('.books_show'))
return render_template('books_new.html', form=form)
</code></pre>
<pre><code>{}
submitted
{'csrf_token': [u'CSRF token missing']}
127.0.0.1 - - [29/May/2012 02:01:08] "POST /book/new_no_csrf HTTP/1.1" 200 -
127.0.0.1 - - [29/May/2012 02:01:08] "GET /favicon.ico HTTP/1.1" 404 -
</code></pre>
<p><a href="https://github.com/ajford/Flask-wtf-SO-Question-10722968" rel="noreferrer">I created an example on GitHub.</a></p>