The CSRF token is missing #479
Description
Describe the bug
I'm using rq-dashboard integrated to my flask app as described here: https://github.com/Parallels/rq-dashboard#integrating-the-dashboard-in-your-flask-app
When trying to delete a job (e.g. failed job) I get a 400 response with the message "The CSRF token is missing", and the job is not deleted. The same error seems to happen for any POST, including emptying a queue or other functions.
To Reproduce
Steps to reproduce the behavior:
- Go to Queues -> Failed Jobs (for a selected queue)
- Click on Delete (for a selected job)
- See 400 error in logs or browser console
Expected behavior
I was expecting the job to be deleted and the page refreshed.
Additional context
- Flask 3.0.0
- Flask-WTF 1.2.1
- Python Version 3.11
- rq-dashboard 0.6.7
I tried various attempts to exempt the rq blueprint from csrf, but it didn't work. I'd be fine with a way to disable csrf for all rq-dashboard routes.
In looking at the code, I did notice that the dashboard.js does have something related to the csrf cookie, but the job.js does not. I'm not an expert on how csrf works exactly, but wondering if that could be it? It was mentioned in this PR #299