Wednesday, July 29, 2020

Re: Can't get rid of "CSRF verification failed. Request aborted.: when submit form with nothing selected

By default, Django checks for the CSRF token in all POST requests. Remember to include the csrf_token tag in all forms that are submitted via POST.

Place csrf_token within form tag...
e.g.
<form>
   {% csrf_token%}
</form> tag

On Wednesday, July 29, 2020 at 9:57:41 PM UTC-4, Christian Seberino wrote:
Here is my template...

{% extends "html_base" %}
{% block body_elements %}

<div id = "admin_status">
        <form action = "." method = "post">
                <p>UPDATE STATUSES</p>
                <table>
                        {% for e in both %}
                                <tr>
                                        <td>
                                                {{e.0.customer.first}}
                                                {{e.0.customer.last}}
                                        </td>
                                        <td>
                                                {{e.0.date|date:"Y-m-d"}}
                                                &nbsp;
                                                &nbsp;
                                                &nbsp;
                                                {{e.0.time|time:"h:i A"}}
                                        </td>
                                        <td>{{e.1}} Completed</td>
                                </tr>
                        {% endfor %}
                </table>
                <p><input type = "submit" value = "UPDATE STATUSES"/></p>
        </form>

        <p><a href = "/admin">Go Back To Admin Page</a></p>

        {% csrf_token %}
</div>

{% endblock %}


Here is the view....

def admin_status(request):
        appts = [e for e in APPT.objects.all() if e.status != "Completed"]
        appts = sorted(appts,
                       key = lambda a : a.customer.last + a.customer.first +   \
                                                    str(a.date) + str(a.time))
        if request.method == "POST":
                form = grandmas4hire.forms.StatusForm(request.POST)

                if form.is_valid():
                        # Need to enter more code here when this page works...
                        reply = django.shortcuts.redirect("/admin_status")
                else:
                        both  = [(e, form.fields[str(e.id)]) for e in appts]
                        reply = django.shortcuts.render(request,
                                                        "admin_status.html",
                                                        {"both" : both})
        else:
                form  = grandmas4hire.forms.StatusForm()
                both  = [(e, form[str(e.id)]) for e in appts]
                reply = django.shortcuts.render(request,
                                                "admin_status.html",
                                                {"both" : both})

        return reply


Here is the dynamic form StatusForm....

class StatusForm(django.forms.Form):
        def __init__(self, *args, **kwargs):
                super().__init__(*args, **kwargs)
                for e in grandmas4hire.models.Appointment.objects.all():
                        self.fields[str(e.id)] =                               \
                                   django.forms.BooleanField(required = False)


(I need to make a dynamic form because I needed 1 field for each Appointment object.)

Chris

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/925bb0d1-2510-4c88-bf05-d0501999a5e1o%40googlegroups.com.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)