Bird
0
0

Which of the following is the correct way to enable CSRF protection in a Flask app?

easy📝 Syntax Q12 of 15
Flask - Security Best Practices
Which of the following is the correct way to enable CSRF protection in a Flask app?
Aapp = Flask(__name__) app.secret_key = 'secret' csrf = CSRFProtect(app)
Bapp = Flask(__name__) csrf = CSRFProtect() app.secret_key = 'secret'
Capp = Flask(__name__) csrf = CSRFProtect(app) app.secret_key = None
Dapp = Flask(__name__) app.secret_key = None csrf = CSRFProtect(app)
Step-by-Step Solution
Solution:

  1. Step 1: Set secret key before CSRFProtect

    CSRF protection requires a secret key set on the Flask app for token generation.

  2. Step 2: Initialize CSRFProtect with app

    Passing the app instance to CSRFProtect enables protection on the app.

  3. Final Answer:

    app = Flask(__name__) app.secret_key = 'secret' csrf = CSRFProtect(app) -> Option A

  4. Quick Check:

    Secret key set + CSRFProtect(app) = correct setup [OK]
Quick Trick: Set secret_key before CSRFProtect(app) call [OK]
Common Mistakes:
MISTAKES
  • Not setting secret_key or setting it after CSRFProtect
  • Passing no app to CSRFProtect
  • Setting secret_key to None disables protection

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Flask Quizzes
Deployment - Environment variable management - Quiz 12easy Deployment - Database migration in deployment - Quiz 7medium Middleware and Extensions - Flask-Compress for compression - Quiz 5medium Performance Optimization - Profiling Flask applications - Quiz 3easy Performance Optimization - Lazy loading vs eager loading - Quiz 7medium Security Best Practices - Session security - Quiz 4medium Security Best Practices - SQL injection prevention - Quiz 2easy Testing Flask Applications - Testing forms and POST data - Quiz 7medium Testing Flask Applications - Testing with database - Quiz 8hard WebSocket and Real-Time - WebSocket events handling - Quiz 4medium