Can anyone guide me on how to use Flask-WTF CSRF protection when using Fetch? API docs doesnt seem to be clear on what to do with the CSRF token generated per request
I keep getting this error
The CSRF session token is missing.
and my javascript code:
let payload = {
// some data,
"X-CSRFToken": csrf_token
}
let header = { 'content-type': 'application/json','accept': 'application/json',"X-CSRFToken": csrf_token}
paypal.Buttons({
createOrder: function(data, actions) {
return fetch(prefix.concat("/payment/paypalCreate"), {
method: "POST",
headers: header ,
body:JSON.stringify(payload),
credentials: 'same-origin',
})
.then(function(res) {
return res.json();
}).then(function(data) {
console.log(typeof(data))
return data.id
})
.catch(err => {
console.log(err);
});
}