By default, the flask framework has no CSRF protection but we can use Flask-WTF extension to enable the CSRF protection . Below is an example of how CSRF protection can be enabled. This will enable CSRF protection globally in the app and we will be protected against CSRF.