starlette-wtf all-in-one example


The following starlette-wtf code example implements a simple form handler with CSRF protection. The form has a required string field and validation errors are handled by the html template.

Note that CSRF protection requires SessionMiddleware, CSRFProtectMiddleware, @csrf_protect and the csrf_token field to be added to the HTML form.

First, install the dependencies for this quickstart:

$ pip install starlette starlette-wtf jinja2 uvicorn

Next, create a Python file ( with the following code:

from jinja2 import Template
from starlette.applications import Starlette
from starlette.middleware import Middleware
from starlette.middleware.sessions import SessionMiddleware
from starlette.responses import PlainTextResponse, HTMLResponse
from starlette_wtf import StarletteForm, CSRFProtectMiddleware, csrf_protect
from wtforms import StringField
from wtforms.validators	import DataRequired

class MyForm(StarletteForm):
    name = StringField('name', validators=[DataRequired()])

template = Template('''
    <form method="post" novalidate>
      {{ form.csrf_token }}
        {{'Name') }}
        {% if -%}
        <span>{{[0] }}</span>
        {%- endif %}
      <button type="submit">Submit</button>

app = Starlette(middleware=[
    Middleware(SessionMiddleware, secret_key='***REPLACEME1***'),
    Middleware(CSRFProtectMiddleware, csrf_secret='***REPLACEME2***')

@app.route('/', methods=['GET', 'POST'])
async def index(request):
    """GET|POST /: form handler
    form = await MyForm.from_formdata(request)

    if await form.validate_on_submit():
        return PlainTextResponse('SUCCESS')

    html = template.render(form=form)
    return HTMLResponse(html)

Finally, run the app using the following command:

$ uvicorn app:app

Code example provided in the readme file of the starlette-wtf project on github.

About starlette-wtf

starlette-wtf - a simple tool for integrating Starlette and WTForms.