Thursday, July 30, 2020

Re: Can't get rid of "CSRF verification failed. Request aborted.: when submit form with nothing selected

Hi, 

I am glad that I could help you. Cheerz

Regards,
Amitesh


On Friday, 31 July, 2020, 01:16:14 am IST, Isha Thakur <isha.thakur@enablence.com> wrote:


Hi, 

I think it can help you.

You should never compare the complete HTML content. Just check the functionalities. In case you need to disable CSRF at any cost, the following logic should help, I guess.

In your views.py file, add the following package

from django.views.decorators.csrf import csrf_exempt

Then just before the function definition in which you are performing your checks, add this snippet:

@csrf_exempt

This will disable the default verification of csrf. Even if your incoming request has a hidden csrf token, your server function will completely ignore it. This should do the trick of disabling the csrf.



Regards



From: django-users@googlegroups.com <django-users@googlegroups.com> on behalf of coolguy <cooldjangoprogrammer@gmail.com>
Sent: July 29, 2020 10:05 PM
To: Django users <django-users@googlegroups.com>
Subject: Re: Can't get rid of "CSRF verification failed. Request aborted.: when submit form with nothing selected
 
By default, Django checks for the CSRF token in all POST requests. Remember to include the csrf_token tag in all forms that are submitted via POST.

Please place csrf_token in the <form> tag. You have placed it outside of the form tag.

On Wednesday, July 29, 2020 at 9:57:41 PM UTC-4, Christian Seberino wrote:
Here is my template...

{% extends "html_base" %}
{% block body_elements %}

<div id = "admin_status">
        <form action = "." method = "post">
                <p>UPDATE STATUSES</p>
                <table>
                        {% for e in both %}
                                <tr>
                                        <td>
                                                {{e.0.customer.first}}
                                                {{e.0.customer.last}}
                                        </td>
                                        <td>
                                                {{e.0.date|date:"Y-m-d"}}
                                                &nbsp;
                                                &nbsp;
                                                &nbsp;
                                                {{e.0.time|time:"h:i A"}}
                                        </td>
                                        <td>{{e.1}} Completed</td>
                                </tr>
                        {% endfor %}
                </table>
                <p><input type = "submit" value = "UPDATE STATUSES"/></p>
        </form>

        <p><a href = "/admin">Go Back To Admin Page</a></p>

        {% csrf_token %}
</div>

{% endblock %}


Here is the view....

def admin_status(request):
        appts = [e for e in APPT.objects.all() if e.status != "Completed"]
        appts = sorted(appts,
                       key = lambda a : a.customer.last + a.customer.first +   \
                                                    str(a.date) + str(a.time))
        if request.method == "POST":
                form = grandmas4hire.forms.StatusForm(request.POST)

                if form.is_valid():
                        # Need to enter more code here when this page works...
                        reply = django.shortcuts.redirect("/admin_status")
                else:
                        both  = [(e, form.fields[str(e.id)]) for e in appts]
                        reply = django.shortcuts.render(request,
                                                        "admin_status.html",
                                                        {"both" : both})
        else:
                form  = grandmas4hire.forms.StatusForm()
                both  = [(e, form[str(e.id)]) for e in appts]
                reply = django.shortcuts.render(request,
                                                "admin_status.html",
                                                {"both" : both})

        return reply


Here is the dynamic form StatusForm....

class StatusForm(django.forms.Form):
        def __init__(self, *args, **kwargs):
                super().__init__(*args, **kwargs)
                for e in grandmas4hire.models.Appointment.objects.all():
                        self.fields[str(e.id)] =                               \
                                   django.forms.BooleanField(required = False)


(I need to make a dynamic form because I needed 1 field for each Appointment object.)

Chris

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/bf5f876f-746f-4efd-bdd0-8510ab0ca426o%40googlegroups.com.
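
A static check for the mistake identified in this thread (the {% csrf_token %} tag placed outside the <form>), as an added example that is not part of the original messages. The function name audit_template and both sample templates are constructed for illustration; the check is regex-based and assumes each form opens and closes in the same template file.

```python
import re

# <form ...> ... </form>, tolerant of the spacing style used in the thread
FORM_RE = re.compile(r"<form\b([^>]*)>(.*?)</form\s*>", re.IGNORECASE | re.DOTALL)
METHOD_RE = re.compile(r"""\bmethod\s*=\s*["']?\s*(\w+)""", re.IGNORECASE)
TOKEN_RE = re.compile(r"\{%\s*csrf_token\s*%\}")


def audit_template(source):
    """Return (line_number, message) findings for one Django template."""
    findings = []
    covered = []  # character spans of the bodies of all <form> elements
    for m in FORM_RE.finditer(source):
        attrs, body = m.group(1), m.group(2)
        covered.append((m.start(2), m.end(2)))
        method = METHOD_RE.search(attrs)
        is_post = bool(method) and method.group(1).lower() == "post"
        if is_post and not TOKEN_RE.search(body):
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, "POST form has no {% csrf_token %} inside it"))
    # A token outside every form renders a hidden input that is never submitted.
    for t in TOKEN_RE.finditer(source):
        if not any(start <= t.start() < end for start, end in covered):
            line = source.count("\n", 0, t.start()) + 1
            findings.append((line, "{% csrf_token %} is outside any <form>"))
    return findings


# Constructed, shortened version of the template posted in the thread.
BROKEN = """<div id = "admin_status">
        <form action = "." method = "post">
                <p><input type = "submit" value = "UPDATE STATUSES"/></p>
        </form>
        {% csrf_token %}
</div>
"""

# Same template with the tag moved inside the form.
FIXED = """<div id = "admin_status">
        <form action = "." method = "post">
                {% csrf_token %}
                <p><input type = "submit" value = "UPDATE STATUSES"/></p>
        </form>
</div>
"""

if __name__ == "__main__":
    for name, tpl in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, audit_template(tpl))
```

Run over a project's template directory, a check like this catches the misplaced tag before anyone reaches for @csrf_exempt, which removes the protection from the view entirely.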
