Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix csrf.error_handler example in docs
The example code in the docs for @csrf.error_handler does not work correctly (as noted in wtforms#200). Rather than showing a custom error page for CSRF violations, it silences all CSRF errors across the app. This change alters the example to correctly show a custom error page, using the code written by @wobsta in wtforms#200. I tested the new example code in versions 0.12 and 0.11. From testing the existing example on 0.11 and 0.12, it looks like what actually happened here is a regression, specifically during the refactor in e85808b. A fix was proposed but rejected in wtforms#209. In lieu of making that change or otherwise patching this, it'd be good to update the docs with a working example. Someone using the existing example code with version 0.12 would actually not have CSRF protection at all.
- Loading branch information