sh4nks wrote:

karloff010 wrote:

It seems that there is a general problem how sqlachemy handling 'csrf_token' in forum related operations

How come? CSRF tokens are entirely managed by Flask-WTF.

=============
Error message looks like sqlalchemy ... i face a lot of those in the past.
i've taken a look at the part where you pass it to sqlachlemy, looks like you pass along the whole wtf element which contains the csrf_token, too.

file:
flaskbb/management/forms.py

[...]
class EditForumForm(ForumForm):

id = HiddenField()

def __init__(self, forum, *args, **kwargs):
    self.forum = forum
    kwargs['obj'] = self.forum
    ForumForm.__init__(self, *args, **kwargs)

def save(self):
    data = self.data
    # remove the button
    data.pop('submit', None)
    forum = Forum(**data)
    # flush SQLA info from created instance so that it can be merged
    make_transient(forum)
    make_transient_to_detached(forum)

    return forum.save()

[...]

maybe you just need to declare it in the models

It seems that there is a general problem how sqlachemy handling 'csrf_token' in forum related operations

yes git state from today - by the way maybe its a good idea to add a hint for git clone to install guide