Complete the code to import the CSRF protection extension in Flask.
from flask_wtf.csrf import [1]
The CSRFProtect class is imported from flask_wtf.csrf to enable CSRF protection in Flask apps.
Complete the code to initialize CSRF protection for the Flask app.
csrf = [1](app)We create an instance of CSRFProtect and pass the Flask app to enable CSRF protection.
Fix the error in the form template to include the CSRF token field.
<form method="POST"> [1] <input type="text" name="username"> <input type="submit" value="Submit"> </form>
In Flask-WTF templates, the CSRF token is included with {{ form.csrf_token }}.
Fill both blanks to create a FlaskForm with a CSRF-protected text field and submit button.
from flask_wtf import FlaskForm from wtforms import StringField, SubmitField class MyForm(FlaskForm): name = [1]('Name') submit = [2]('Send')
The form uses StringField for text input and SubmitField for the submit button, both protected by CSRF automatically.
Fill all three blanks to validate the CSRF token in a Flask route handling POST requests.
from flask import Flask, render_template, request from flask_wtf.csrf import CSRFProtect app = Flask(__name__) app.config['SECRET_KEY'] = 'secret' csrf = CSRFProtect(app) @app.route('/submit', methods=['GET', 'POST']) def submit(): form = MyForm() if request.method == '[1]' and form.[2](): # Process form data return 'Success' return render_template('submit.html', form=[3])
The route checks if the request method is POST, then calls form.validate_on_submit() to validate including CSRF token, and passes the form to the template.