1. Dan Jacob
  2. flask-wtf

Source

flask-wtf / flaskext / wtf / __init__.py

Diff from to

File flaskext/wtf/__init__.py

             # ensure csrf validation occurs ONLY when formdata is passed
             # in case "csrf" is the only field in the form
 
-            if not formdata and not request.files:
+            if not formdata:
                 self.csrf_is_valid = False
             else:
                 self.csrf_is_valid = None