Hi,
I think, it can help you.
You should never compare the complete HTML content. Just check the functionalities. In case you need disabling the csrf at any cost, following logic should help I guess.
In your views.py file, add the following package
from django.views.decorators.csrf import csrf_exempt
Then just before the function definintion, in which you are performing your checks, add this snippet:
@csrf_exempt
This will disable the default verification of csrf. Even if your incoming request has a hidden csrf token, your server function will completely ignore it. This should do the trick of disabling the csrf.
Regards
 | You should never compare the complete HTML content. Just check the functionalities. In case you need disabling the csrf at any cost, following logic should help I guess.. In your views.py file, add the following package. from django.views.decorators.csrf import csrf_exempt stackoverflow.com |
From: django-users@googlegroups.com <django-users@googlegroups.com> on behalf of coolguy <cooldjangoprogrammer@gmail.com>
Sent: July 29, 2020 10:05 PM
To: Django users <django-users@googlegroups.com>
Subject: Re: Can't get rid of "CSRF verification failed. Request aborted.: when submit form with nothing selected
Sent: July 29, 2020 10:05 PM
To: Django users <django-users@googlegroups.com>
Subject: Re: Can't get rid of "CSRF verification failed. Request aborted.: when submit form with nothing selected
By default, Django checks for the CSRF token in all POST requests. Remember to include the csrf_token tag in all forms that are submitted via POST.
Please place csrf_token in <form> tag. You have placed it outside of form tag.
On Wednesday, July 29, 2020 at 9:57:41 PM UTC-4, Christian Seberino wrote:
Here is my template...
{% extends "html_base" %}
{% block body_elements %}
<div id = "admin_status">
<form action = "." method = "post">
<p>UPDATE STATUSES</p>
<table>
{% for e in both %}
<tr>
<td>
{{e.0.customer.first}}
{{e.0.customer.last}}
</td>
<td>
{{e.0.date|date:"Y-m-d"}}
{{e.0.time|time:"h:i A"}}
</td>
<td>{{e.1}} Completed</td>
</tr>
{% endfor %}
</table>
<p><input type = "submit" value = "UPDATE STATUSES"/></p>
</form>
<p><a href = "/admin">Go Back To Admin Page</a></p>
{% csrf_token %}
</div>
{% endblock %}
Here is the view....
def admin_status(request):
appts = [e for e in APPT.objects.all() if e.status != "Completed"]
appts = sorted(appts,
key = lambda a : a.customer.last + a.customer.first + \
str(a.date) + str(a.time))
if request.method == "POST":
form = grandmas4hire.forms.StatusForm(request.POST)
if form.is_valid():# Need to enter more code here when this page works...
reply = django.shortcuts.redirect("/admin_status")
else:
both = [(e, form.fields[str(e.id)]) for e in appts]
reply = django.shortcuts.render(request,
"admin_status.html",
{"both" : both})
else:
form = grandmas4hire.forms.StatusForm()
both = [(e, form[str(e.id)]) for e in appts]
reply = django.shortcuts.render(request,
"admin_status.html",
{"both" : both})
return reply
Here is the dynamic form StatusForm....
class StatusForm(django.forms.Form):
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
for e in grandmas4hire.models.Appointment.objects.all():
self.fields[str(e.id)] = \
django.forms.BooleanField(required = False)
(I need to make a dynamic form because I needed 1 field for each Appointment object.)
Chris
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/bf5f876f-746f-4efd-bdd0-8510ab0ca426o%40googlegroups.com.
No comments:
Post a Comment