flask-graphql icon indicating copy to clipboard operation
flask-graphql copied to clipboard

Published 20 hours ago verified publisher icon graphql-python

CSRF Exemption?

Open KrishyV opened this issue 5 years ago • 1 comments

With Django and Graphene users can do the following to exempt the graphql endpoint from CSRF authentication.

urlpatterns = [
    path("admin/", admin.site.urls),
    path("graphql", csrf_exempt(GraphQLView.as_view(graphiql=True, schema=schema))),
]

How can one do this with Flask-GraphQL?

app.add_url_rule(
    '/graphql',
    view_func=GraphQLView.as_view(
        'graphql',
        schema=schema,
        graphiql=True

    )
)```

KrishyV avatar Sep 18 '20 09:09 KrishyV

Not quite a solution as elegant as what Django has but here is what I did.

I created a Blueprint just for my GraphQL API and exempted the whole blueprint from CSRF.

api.add_url_rule(
    '/graphql',
    view_func=GraphQLView.as_view(
        'graphql',
        schema=schema,
        graphiql=True
    )
)

csrf.exempt(api)

KrishyV avatar Sep 24 '20 10:09 KrishyV