Form validation fails due missing CSRF

Question

A few days ago I have reset my local flask environment without having captured the dependencies via a pip freeze before I deleted it. Hence I had to re-install

Answer 1

I finally found the problem after nearly a day working on it. :( Big thanks to Martijn though for his help.

The actual problem lies in the way the latest flask_wtf.csrf is working. The makers have overhauled it completely.

You have to replace all {{form.hidden_tag()}} in your templates with .

And you have now to enable CSRF protection explicitly by adding CsrfProtect(app).

The documentation is now obviously reflecting that, but I didn't know this has changed and was chasing ghosts.

Its a big problem with deprecated functionality without notifying the developer somehow. Anyone that upgrades now to the latest version, will be chasing ghosts like I did. But its also my fault not having taken a snapshot of my dependencies. Lesson learned the hard way.