{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreiexviyxli3phezxmtfjhry3pnvaa3xe6s6qorsrqlnrljjzbpgpye",
    "uri": "at://did:plc:4n6wgsqsqm6q2hjncgwmreey/app.bsky.feed.post/3mhcx6nkazx22"
  },
  "path": "/post/47338902",
  "publishedAt": "2026-03-17T10:32:29.000Z",
  "site": "https://programming.dev",
  "tags": [
    "Programming",
    "ghodawalaaman",
    "2 comments",
    "@app.errorhandler",
    "@app.route",
    "@jwt_required",
    "@csrf_exempt"
  ],
  "textContent": "submitted by ghodawalaaman to programming\n2 points | 2 comments\n\nHello,\n\nIt seems like an easy question, but I tried everything Google and AI told me and Flask is still giving me a CSRF token mismatched error. I don’t know how to disable it. I tried everything I found online to disable CSRF, but I can’t disable it. It’s so annoying. Here is the code:\n\n\n    import mysql.connector\n    from mysql.connector import Error\n\n    from flask import Flask, request, jsonify,redirect, url_for\n    from authlib.integrations.flask_client import OAuth\n    import os\n    from flask_cors import CORS\n    from flask_jwt_extended import JWTManager, create_access_token, jwt_required, get_jwt_identity\n    # from flask_wtf.csrf import csrf_exempt\n\n    import hashlib\n    from flask import Flask\n    from flask_wtf import CSRFProtect\n\n    app = Flask(__name__)\n    app.config['WTF_CSRF_ENABLED'] = False  # Disable CSRF globally\n\n    csrf = CSRFProtect(app)  # This will now be disabled\n\n\n    try:\n        print(\"TESTING CONNECTION TO MYSQL DATABASE...\")\n        connection = mysql.connector.connect(\n            host='localhost',\n            database='test',\n            user='root',\n            password='MySql@123'\n        )\n\n        if connection.is_connected():\n            print(\"Connected to MySQL database\")\n\n            cur = connection.cursor()\n            cur.execute(\"SELECT DATABASE();\")\n            record = cur.fetchone()\n            print(\"You're connected to database: \", record)\n    except Error as e:\n        print(\"Error while connecting to MySQL\", e)\n        exit(1)\n    finally:\n        if connection.is_connected():\n            cur.close()\n            connection.close()\n            print(\"MySQL connection is closed\")\n            print(\"TESTING DONE\")\n\n\n    app.secret_key = \"somethings_secret92387492837492387498\"\n    app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'\n    app.config['SESSION_COOKIE_SECURE'] = 
False\n    app.config['SESSION_COOKIE_HTTPONLY'] = True\n\n    CORS(app)\n    app.config['JWT_SECRET_KEY'] = \"your_jwt_secret_key123487236428374628374628736\"\n    jwt = JWTManager(app)\n\n\n    # OAuth configuration\n    oauth = OAuth(app)\n    google = oauth.register(\n        name='google',\n        client_id=\"CLIENT_ID\",\n        client_secret=\"CLIENT_SECRET\",\n        server_metadata_url='https://accounts.google.com/.well-known/openid-configuration',\n        client_kwargs={\n            'scope': 'openid email profile'\n        }\n    )\n\n    @app.errorhandler(Exception)\n    def handle_exception(e):\n        return jsonify({\"error\": str(e)}), 500\n\n    @app.route(\"/\",)\n    @jwt_required()\n    def hello_world():\n        return \"<p>Hello, World!</p>\"\n\n    @app.route(\"/register_by_email\", methods=[\"POST\"])\n    def register():\n        username = request.form.get(\"username\")\n        email = request.form.get(\"email\")\n        password = request.form.get(\"password\")\n\n        with mysql.connector.connect(\n            host='localhost',\n            database='test',\n            user='root',\n            password='MySql@123'\n        ) as connection:\n            with connection.cursor() as cursor:\n                cursor.execute(\"INSERT INTO users (username, email) VALUES (%s, %s)\", (username, email))\n                cursor.execute(\"SELECT LAST_INSERT_ID()\")\n                user_id = cursor.fetchone()[0]\n                password_hash = hashlib.sha256(password.encode()).hexdigest()\n                cursor.execute(\"INSERT INTO user_passwords (user_id, password_hash) VALUES (%s, %s)\", (user_id, password_hash))\n                connection.commit()\n        return jsonify({\"message\": \"User registered successfully\", \"user_id\": user_id}), 201\n\n    @app.route(\"/login_by_email\", methods=[\"POST\"])\n    def login():\n        email = request.form.get(\"email\")\n        password = request.form.get(\"password\")\n\n        
with mysql.connector.connect(\n            host='localhost',\n            database='test',\n            user='root',\n            password='MySql@123'\n        ) as connection:\n            with connection.cursor() as cursor:\n                cursor.execute(\"SELECT id FROM users WHERE email = %s\", (email,))\n                user = cursor.fetchone()\n                if not user:\n                    return jsonify({\"error\": \"User not found\"}), 404\n                user_id = user[0]\n                password_hash = hashlib.sha256(password.encode()).hexdigest()\n                cursor.execute(\"SELECT * FROM user_passwords WHERE user_id = %s AND password_hash = %s\", (user_id, password_hash))\n                if cursor.fetchone():\n                    return jsonify({\"message\": \"Login successful\", \"user_id\": user_id, \"access_token\": create_access_token(identity=email)}), 200\n                else:\n                    return jsonify({\"error\": \"Invalid credentials\"}), 401\n\n\n    @app.route(\"/google_oauth_url\",methods = [\"GET\"])\n    def login_with_google():\n        redirect_uri = url_for('callback', _external=True)\n        return google.create_authorization_url(redirect_uri)\n\n\n\n\n    @app.route(\"/callback\",methods = [\"GET\"])\n    # @csrf_exempt\n    def callback():\n        token = google.authorize_access_token()\n        user_info = token.get(\"userinfo\")\n\n        return jsonify(user_info)\n\n    if __name__ == \"__main__\":\n        app.run(debug=True)\n",
  "title": "How to disable CSRF in flask?"
}