Find csrf token from form in PUT and PATCH requests. #86

pallets-eco · Aug 28, 2013 · 4edbc77 · 4edbc77
1 parent d94a343
commit 4edbc77
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/flask_wtf/csrf.py b/flask_wtf/csrf.py
@@ -153,8 +153,7 @@ def _csrf_protect():
                     return
 
             csrf_token = None
-            if request.method == 'POST':
-                # DELETE has no form
+            if request.method in ('POST', 'PUT', 'PATCH'):
                 csrf_token = request.form.get('csrf_token')
             if not csrf_token:
                 # You can get csrf token from header