The issue seems to be that Flask-WTForms Form
is actually a subclass of wtforms.ext.SecureForm
- and the only way to disable the csrf protection on a form is to pass the keyword argument csrf_enabled=False
to the form when constructing it. Since FormField
actually handles instantiating the form and you can either:
- Create a subclass of
FormField
that will let you pass in form keyword arguments
or - Subclass
wtforms.Form
rather thanflask.ext.wtforms.Form
for yourFilterForm
(as long as you never display aFilterForm
on its own you won't need to worry about CSRF).