CSRF protection concept in Flask - Practice Problems & Coding Challenges

Challenge - 5 Problems
🧠 Conceptual
intermediate
What is the main purpose of CSRF protection in Flask?

CSRF protection is important in web applications. What does it mainly prevent?

A. It prevents attackers from submitting forms on behalf of authenticated users without their consent.
B. It stops users from entering invalid data in forms.
C. It encrypts user passwords before storing them in the database.
D. It blocks all external requests to the Flask server.
💡 Hint

Think about what happens if a malicious site tricks a logged-in user into submitting a form.

❓ component_behavior
intermediate
What happens if a Flask form is submitted without a valid CSRF token?

Consider a Flask app using Flask-WTF with CSRF enabled. What is the typical behavior when a form is submitted without the correct CSRF token?

A. The server ignores the CSRF token and logs a warning but processes the form.
B. The form submission is accepted and processed normally.
C. The server raises a CSRFError and rejects the request.
D. The server redirects the user to the homepage without any message.
💡 Hint

CSRF protection is designed to block suspicious requests.

📝 Syntax
advanced
Which Flask code snippet correctly enables CSRF protection using Flask-WTF?

Choose the code that properly sets up CSRF protection in a Flask app using Flask-WTF.

Flask
from flask import Flask
from flask_wtf import CSRFProtect

app = Flask(__name__)
app.config['SECRET_KEY'] = 'secret!'

# Which line correctly enables CSRF protection?
A.
    csrf = CSRFProtect(app)
B.
    csrf = CSRFProtect(app)
    app.csrf = csrf
C.
    csrf = CSRFProtect()
    csrf.init_app(app)
D.
    app.csrf = CSRFProtect(app)
    csrf.init_app(app)
💡 Hint

Check how the CSRFProtect object is created and linked to the app.

🔧 Debug
advanced
Why does this Flask form raise a CSRF error despite using Flask-WTF?

Given this Flask form code, why might a CSRF error occur?

Flask
from flask_wtf import FlaskForm
from wtforms import StringField, SubmitField

class MyForm(FlaskForm):
    name = StringField('Name')
    submit = SubmitField('Send')

# In the template:
# <form method="POST">
#   {{ form.name.label }} {{ form.name() }}
#   {{ form.submit() }}
# </form>
A. The form uses GET method instead of POST.
B. The template is missing the {{ form.csrf_token }} field inside the form.
C. The form class does not inherit from FlaskForm.
D. The submit button is not named 'submit'.
💡 Hint

CSRF token must be included in the form HTML.

❓ state_output
expert
What is the output of this Flask route when the CSRF token is missing from the POST request?

Consider this Flask route using Flask-WTF CSRF protection. What response will the client receive if the POST request lacks a CSRF token?

Flask
from flask import Flask, request
from flask_wtf import CSRFProtect

app = Flask(__name__)
app.config['SECRET_KEY'] = 'secret!'
csrf = CSRFProtect()
csrf.init_app(app)

@app.route('/submit', methods=['POST'])
def submit():
    return 'Form submitted successfully'

# Client sends POST to /submit without CSRF token.
A. HTTP 400 Bad Request with a CSRF error message.
B. HTTP 200 OK with 'Form submitted successfully'.
C. HTTP 500 Internal Server Error due to missing token.
D. HTTP 302 Redirect to the login page.
💡 Hint

CSRFProtect blocks requests missing valid tokens with a specific error code.