Problem with Python script..

Newbie Spellweaver
Joined
Jan 18, 2015
Messages
65
Reaction score
8
I have a python search engine that a friend of mine created. My friend assigned me to fix a certain issue with the script.

The error that I'm getting is "CSRF Token missing or incorrect". I'm not using Django. I'm using Flask-User.

When I type in the "search" box and hit search, I get the error. I don't know anything about the script, but he wants me to fix the problem, and I don't know Python well either.
 
Newbie Spellweaver
Joined
Jan 18, 2015
Messages
65
Reaction score
8
Well, is there a csrf token submitted along with the search value? Do you know what a csrf token is? Do you know anything? Have you tried anything? Have you found out anything?

Yes, there is a hidden tag within the form containing code to generate the CSRF token. Not exactly sure what a CSRF token is, I'm sure it has something to do with security. I only know html and php. I have tried sifting through all the files that are available to me, and I only found 2 files that my friend has added a comment line regarding the CSRF token. I have tried removing the CSRF token tags for both the search form and the search results page, and it still doesn't work.

There are two search result templates, one is supposed to be the search results page, and one is a dummy page that displays the CSRF token.
 
Watching from above
Legend
Joined
Apr 9, 2004
Messages
3,828
Reaction score
752
You could look up CSRF token, like on Wikipedia. It's a universal concept and not tied to the Python world. Basically it's supposed to be a one-time token generated by the server with the intention of verifying the validity of the form, so that no 3rd party is able to submit the form on your behalf even if they have your cookie (since the token is already used up as soon as the form is submitted once).

I'm guessing removing CSRF code in your own files might not help if Flask is configured to require the token whenever there's a POST request. I don't have any specific knowledge on this because I'm not very familiar with Flask.
 
Newbie Spellweaver
Joined
Jan 18, 2015
Messages
65
Reaction score
8
Yeah, it has to be hard coded into Flask, because there's code in the config file of the search engine script to disable and enable the CSRF token. And when I try to disable it and remove the CSRF tags from the form, it still shows the error.

My friend says he just wants the page to process. If I access the search results page directly, there's no error. Just an error on submission.

I guess the only other option to look into is to see what token Flask is using, and compare it to the token value supplied in the config file of the script.
 
Watching from above
Legend
Joined
Apr 9, 2004
Messages
3,828
Reaction score
752
I guess the only other option to look into is to see what token Flask is using, and compare it to the token value supplied in the config file of the script.
Be aware that csrf token is unique per request, a new one generated for every request. It is typically created when the form is loaded from the server with a GET request, and verified on the next POST request. It is probably not stored at all but rather generated in a way that the server is able to quickly do a checksummish calculation on it based on a secret key to verify that the token was indeed generated by it, but no one else is able to generate a valid token without the secret key that only the server knows. This is similar to how user passwords can be hashed into a database; the hash itself doesn't tell much but when combined with the secret key it can be deduced whether it's a match or not.
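
The mechanism described in the post above (a token the server can check from a secret key without storing it), as an added example that is not part of the original thread and is not Flask's or Flask-WTF's own code. `SECRET_KEY`, `MAX_AGE`, the session id and the function names are assumptions made for illustration; here the token is bound to a session id and expires after a fixed time.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

SECRET_KEY = b"constructed-demo-key"  # assumption: secret known only to the server
MAX_AGE = 3600                        # assumption: token lifetime in seconds


def _sign(session_id: str, nonce: str, issued: str) -> str:
    # session_id is assumed to be a hex string, so "|" cannot appear inside it
    msg = "|".join((session_id, nonce, issued)).encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str, now: Optional[float] = None) -> str:
    """Run when the form is rendered (GET); the result goes in the hidden field."""
    issued = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(16)
    return f"{nonce}.{issued}.{_sign(session_id, nonce, issued)}"


def verify_token(session_id: str, token: Optional[str],
                 now: Optional[float] = None) -> bool:
    """Run on POST; nothing is looked up, the MAC is recomputed and compared."""
    if not token:
        return False  # the "CSRF token missing" case
    parts = token.split(".")
    if len(parts) != 3:
        return False
    nonce, issued, mac = parts
    expected = _sign(session_id, nonce, issued)
    # Constant-time comparison; bytes so non-ASCII input cannot raise TypeError
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return False  # forged, tampered, or issued for another session
    current = time.time() if now is None else now
    return 0 <= current - int(issued) <= MAX_AGE


if __name__ == "__main__":
    sid = "a3f1c29e"  # constructed session id
    tok = issue_token(sid)
    print("same session :", verify_token(sid, tok))
    print("other session:", verify_token("ffff0000", tok))
    print("no token     :", verify_token(sid, None))
```
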
 
Joined
Sep 2, 2006
Messages
1,965
Reaction score
33
Sounds like you're using Flask / Jinja2. I'll admit I didn't read everything, but the reason you are getting the error is most likely because you are missing:

Code:
{{ form.csrf_token }}
somewhere in the <form> tags.
 