Now I will add a CSRF token to my application by exposing a GET route, "/csrf_token/get", which hands the browser a CSRF token in the form of a cookie.
I set the cookie's SameSite attribute to "Lax". With Lax, the browser still sends the cookie when a third-party site sends the user to my API with a top-level GET navigation (a link or a redirect), but it does not send it on a cross-site POST. That is why it is safe to issue the token as a cookie. The cookie on its own is only half of the protection, though: my frontend has to read the cookie and send the value back in the X-CSRFToken header on every state-changing request, and Flask-WTF's CSRFProtect then checks that header against the copy it keeps in the session. A form posted from another origin cannot set that header, so it fails the check even if a cookie does reach the server. For the same reason the cookie must not be marked HttpOnly, because my JavaScript needs to read it.
from flask import Blueprint, make_response
from flask_wtf.csrf import generate_csrf
from extensions.server import app

# Presumably registered elsewhere with the "/csrf_token" prefix, so this
# handler answers GET /csrf_token/get.
csrf_token = Blueprint('csrf_token', __name__)

@csrf_token.route("/get")
def csrf_token_get():
    res = make_response({'csrf_token': 'set'})
    # generate_csrf() keeps the raw token in the session and returns a signed
    # copy; secret_key is optional and defaults to the app's SECRET_KEY.
    # SameSite=Lax keeps the cookie off cross-site POSTs. HttpOnly is left off on
    # purpose so the frontend can read the cookie and echo it in X-CSRFToken.
    res.set_cookie('csrf_token', generate_csrf(secret_key=app.config['SECRET_KEY']), samesite='Lax')
    return res
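To make the check behind that cookie concrete, here is an added example (my own illustration, not code from the post or from Flask-WTF) that reimplements the same pattern with only the standard library so it runs without Flask. It assumes the server-side session is a plain dict, signs tokens with HMAC-SHA256 instead of itsdangerous, and accepts the client's copy only from an X-CSRFToken header, the header name Flask-WTF's CSRFProtect reads. The SECRET_KEY value and the request dictionaries are constructed for the demo.

```python
"""Double-submit CSRF check, standard library only (no Flask or Flask-WTF).

Added illustration, not the post's own code. The raw token lives in the
server-side session, a signed copy is what the cookie would carry, and a
state-changing request passes only when the client echoes that copy in the
X-CSRFToken header. HMAC-SHA256 stands in for itsdangerous and a dict stands
in for the Flask session (both assumptions made to keep this self-contained).
"""
import hashlib
import hmac
import secrets
import time
from typing import Mapping, Optional

SECRET_KEY = b"constructed-demo-secret-key"  # constructed for the demo; use the app's real SECRET_KEY
TOKEN_MAX_AGE = 3600                          # seconds a signed token stays valid
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}     # read-only methods need no CSRF check


def issue_csrf_token(session: dict) -> str:
    """Store (or reuse) the raw token in the session and return the signed
    copy that the /csrf_token/get route would put in the cookie."""
    raw = session.get("csrf_token") or secrets.token_hex(32)
    session["csrf_token"] = raw
    payload = f"{raw}.{int(time.time())}"
    sig = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def validate_csrf_token(session: Mapping, presented: Optional[str]) -> bool:
    """True only if `presented` is an untampered, unexpired signed token whose
    raw value matches the token bound to this session."""
    if not presented:
        return False
    try:
        raw, issued_at, sig = presented.rsplit(".", 2)
        age = int(time.time()) - int(issued_at)
    except ValueError:
        return False                     # malformed token
    expected = hmac.new(SECRET_KEY, f"{raw}.{issued_at}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return False                     # forged or tampered signature
    if age < 0 or age > TOKEN_MAX_AGE:
        return False                     # expired (or clock skew)
    return hmac.compare_digest(raw, session.get("csrf_token", ""))


def handle_request(method: str, headers: Mapping[str, str], session: Mapping) -> int:
    """Return the status an API endpoint would answer with: 200 when the CSRF
    check passes, 400 when it fails. Cookies are deliberately not consulted:
    a cross-site form can make the browser attach cookies, but it cannot add a
    custom header, so only the header copy of the token counts."""
    if method.upper() in SAFE_METHODS:
        return 200
    return 200 if validate_csrf_token(session, headers.get("X-CSRFToken")) else 400


if __name__ == "__main__":
    session = {}
    token = issue_csrf_token(session)   # the value the cookie would carry
    # Legitimate frontend: reads the cookie and copies it into the header.
    print("same-origin POST:", handle_request("POST", {"X-CSRFToken": token}, session))
    # Cross-site <form method="post">: the attacker cannot set the header.
    print("cross-site POST:", handle_request("POST", {}, session))
    # A valid token replayed against a different user's session.
    print("token from another session:", handle_request("POST", {"X-CSRFToken": token}, {}))
```

The cross-site POST in the demo fails for two independent reasons: with SameSite=Lax the browser would not even attach the cookie, and even if it did, nothing in a foreign form can produce the X-CSRFToken header. The session comparison is what stops a token captured from one user being replayed against another.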