CSRF exempt for Flask-RESTPlus API
The `@csrf.exempt` decorator does not work with `Resource` methods or decorators; it should be applied at the `Api` level.

Here is an example of how to exclude resources from CSRF protection based on their class:
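```python
from flask import Blueprint
from flask_restplus import Api

# `csrf` (the CSRF extension instance) and `MyResource` are defined elsewhere.
def csrf_exempt_my_resource(view):
    # Exempt only views generated from MyResource or its subclasses.
    if issubclass(view.view_class, MyResource):
        return csrf.exempt(view)
    return view

api_blueprint = Blueprint('api', __name__)
api = Api(api_blueprint, title='My API', decorators=[csrf_exempt_my_resource])
```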
Or for all resources:
```python
api_blueprint = Blueprint('api', __name__)
api = Api(api_blueprint, title='My Private API', decorators=[csrf.exempt])
```