wtforms, CSRF, flask, FieldList


Problem description


I'm having trouble passing through validation when using a FieldList with WTForms. I keep getting this error: {'csrf_token': [u'CSRF token missing']}. The problem is if I do not have any data to validate in the FieldList field, the validation passes and there are no issues. But when I try to validate the form with any data I get that error.

Here are my forms:

    class FilterForm(wtf.Form):
        filter_value = wtf.TextField('Value', validators=[validators.Required()])
        filter_operator = wtf.SelectField('Operator', validators=[validators.Required()])
        filter_compare_value=wtf.TextField('Compare Value', validators=[validators.Required()])
    
    
    class RedirectForm(wtf.Form):
        redirect_id = wtf.HiddenField('id')
        redirect_name = wtf.TextField('Name', validators=[validators.Required()])
        redirect_url = wtf.TextField('URL', validators=[validators.Required()])
        redirect_type = wtf.SelectField('Type', validators=[validators.Required()])
        redirect_method = wtf.SelectField('Method', validators=[validators.Required()])
        redirect_active = wtf.BooleanField('Is Active')
        redirect_filters_any = wtf.FieldList(wtf.FormField(FilterForm))
        redirect_filters_all = wtf.FieldList(wtf.FormField(FilterForm))
    

The form seems to display correctly and works fine until I add data to either redirect_filters_any or redirect_filters_all.

Is there a way to disable csrf for the FieldList or pass a CSRF value to the FieldList? I want to keep CSRF protection enabled but cannot seem to get past this validation problem.

Here is the Jinja2 template:

    {% extends "base.html" %}
    {% set active_page = "endpoints" %}
    {% block tail_script %}
    <script src="/static/js/page/redirects.js"></script>
    {% endblock %}
    {% block content %}
    <div class="row12">
        <div class="span12">
            <ul class="breadcrumb">
                  <li><a href="{{ url_for('list_endpoints') }}">Endpoints</a> <span class="divider">/</span></li>
                  <li><a href="{{ url_for('show_endpoint', id=endpoint_id) }}">{{endpoint_name}}</a> <span class="divider">/</span></li>
                  {% if redirect_id != 'new' %}
                  <li class="active">{{ form.redirect_name.data }}</li>
                  {% else %}
                  <li class="active">New</li>
                  {% endif %}
            </ul>
            <form action="{{ url_for('edit_redirect', endpoint_id=endpoint_id, redirect_id=redirect_id) }}" class="form-horizontal" method="post">
                <legend>General</legend>
                {{ form.hidden_tag() }}
                <div class="control-group {% if form.redirect_name.errors %}error{% endif %}">
                    <div class="control-label">{{ form.redirect_name.label }}</div>
                    <div class="controls">
                        {{ form.redirect_name|safe }}
                        {% if form.redirect_name.errors %}
                        <span class="help-inline">
                             <ul class="errors">
                                {% for error in form.redirect_name.errors %}
                                <li>{{ error }}</li>
                                {% endfor %}
                            </ul>
                        </span>
                       {% endif %}
                    </div>
                </div>
                <div class="control-group {% if form.redirect_type.errors %}error{% endif %}">
                    <div class="control-label">{{ form.redirect_type.label }}</div>
                    <div class="controls">
                        {{ form.redirect_type|safe }}
                        {% if form.redirect_type.errors %}
                        <span class="help-inline">
                             <ul class="errors">
                                {% for error in form.redirect_type.errors %}
                                <li>{{ error }}</li>
                                {% endfor %}
                            </ul>
                        </span>
                       {% endif %}
                    </div>
                </div>
                <div class="control-group {% if form.redirect_active.errors %}error{% endif %}">
                    <div class="control-label">{{ form.redirect_active.label }}</div>
                    <div class="controls">
                        {{ form.redirect_active|safe }}
                        {% if form.redirect_active.errors %}
                        <span class="help-inline">
                             <ul class="errors">
                                {% for error in form.redirect_active.errors %}
                                <li>{{ error }}</li>
                                {% endfor %}
                            </ul>
                        </span>
                       {% endif %}
                    </div>
                </div>
                <div class="control-group {% if form.redirect_method.errors %}error{% endif %}">
                    <div class="control-label">{{ form.redirect_method.label }}</div>
                    <div class="controls">
                        {{ form.redirect_method|safe }}
                        {% if form.redirect_method.errors %}
                        <span class="help-inline">
                             <ul class="errors">
                                {% for error in form.redirect_method.errors %}
                                <li>{{ error }}</li>
                                {% endfor %}
                            </ul>
                        </span>
                       {% endif %}
                    </div>
                </div>
                <div class="control-group {% if form.redirect_url.errors %}error{% endif %}">
                    <div class="control-label">{{ form.redirect_url.label }}</div>
                    <div class="controls">
                        {{ form.redirect_url|safe }}
                        {% if form.redirect_url.errors %}
                        <span class="help-inline">
                             <ul class="errors">
                                {% for error in form.redirect_url.errors %}
                                <li>{{ error }}</li>
                                {% endfor %}
                            </ul>
                        </span>
                       {% endif %}
                    </div>
                </div>
                <legend>Meet All Filters <a href="#" class="btn addAllFilter">Add</a></legend>
                <table class="stable-striped" id="all_filter_table">
                    <tbody>
                {% for f in form.redirect_filters_all %}
                    <tr style="vertical-align:top;">
                        <td>    
                            {{ f.filter_value }}
                            {% if f.filter_value.errors %}
                            <br>
                            <div class="control-group error">
                                <span class="help-inline">
                                     <ul class="errors">
                                        {% for error in f.filter_value.errors %}
                                        <li>{{ error }}</li>
                                        {% endfor %}
                                    </ul>
                                </span>
                            </div>
                            {% endif %}
                        </td>
                        <td>    
                            {{ f.filter_operator }}
                            {% if f.filter_operator.errors %}
                            <br>
                            <div class="control-group error">
                                <span class="help-inline">
                                     <ul class="errors">
                                        {% for error in f.filter_operator.errors %}
                                        <li>{{ error }}</li>
                                        {% endfor %}
                                    </ul>
                                </span>
                            </div>
                            {% endif %}
                        </td>
                        <td>    
                            {{ f.filter_compare_value }}
                            {% if f.filter_compare_value.errors %}
                            <br>
                            <div class="control-group error">
                                <span class="help-inline">
                                     <ul class="errors">
                                        {% for error in f.filter_compare_value.errors %}
                                        <li>{{ error }}</li>
                                        {% endfor %}
                                    </ul>
                                </span>
                            </div>
                            {% endif %}
                        </td>
                        <td><a href="#" class="btn remove">Remove</a></td>
                    </tr>
                {% endfor %}
                    </tbody>
                </table>
                <legend>Meet Any Filters <a href="#" class="btn addAnyFilter">Add</a></legend>
                <table class="stable-striped" id="any_filter_table">
                    <tbody>
                {% for f in form.redirect_filters_any %}
                    <tr style="vertical-align:top;">
                        <td>    
                            {{ f.filter_value }}
                            {% if f.filter_value.errors %}
                            <br>
                            <div class="control-group error">
                                <span class="help-inline">
                                     <ul class="errors">
                                        {% for error in f.filter_value.errors %}
                                        <li>{{ error }}</li>
                                        {% endfor %}
                                    </ul>
                                </span>
                            </div>
                            {% endif %}
                        </td>
                        <td>    
                            {{ f.filter_operator }}
                            {% if f.filter_operator.errors %}
                            <br>
                            <div class="control-group error">
                                <span class="help-inline">
                                     <ul class="errors">
                                        {% for error in f.filter_operator.errors %}
                                        <li>{{ error }}</li>
                                        {% endfor %}
                                    </ul>
                                </span>
                            </div>
                            {% endif %}
                        </td>
                        <td>    
                            {{ f.filter_compare_value }}
                            {% if f.filter_compare_value.errors %}
                            <br>
                            <div class="control-group error">
                                <span class="help-inline">
                                     <ul class="errors">
                                        {% for error in f.filter_compare_value.errors %}
                                        <li>{{ error }}</li>
                                        {% endfor %}
                                    </ul>
                                </span>
                            </div>
                            {% endif %}
                        </td>
                        <td><a href="#" class="btn remove">Remove</a></td>
                    </tr>
                {% endfor %}
                    </tbody>
                </table>
                {% if g.user.user_type == 'admin' %}
                <div class="control-group">
                    <div class="controls">
                        <input class="btn btn-primary" type="submit" value="Save"/>
                        <a href="{{url_for('show_endpoint', id=endpoint_id)}}" class="btn">Cancel</a>
                    </div>
                </div>
                {% endif %}
            </form>
        </div>
    </div>
    {% endblock %}
    

Solution

The issue seems to be that Flask-WTForms Form is actually a subclass of wtforms.ext.SecureForm - and the only way to disable the csrf protection on a form is to pass the keyword argument csrf_enabled=False to the form when constructing it. Since FormField actually handles instantiating the form and you can either:
