wtforms, CSRF, flask, FieldList


Problem description

I'm having trouble passing through validation when using a FieldList with WTForms. I keep getting this error. {'csrf_token': [u'CSRF token missing']}. The problem is if I do not have any data to validate in the FieldList field, the validation passes and there are no issues. But when I try to validate the form with any data I get that error.

Here are my forms:

class FilterForm(wtf.Form):
    filter_value = wtf.TextField('Value', validators=[validators.Required()])
    filter_operator = wtf.SelectField('Operator', validators=[validators.Required()])
    filter_compare_value=wtf.TextField('Compare Value', validators=[validators.Required()])


class RedirectForm(wtf.Form):
    redirect_id = wtf.HiddenField('id')
    redirect_name = wtf.TextField('Name', validators=[validators.Required()])
    redirect_url = wtf.TextField('URL', validators=[validators.Required()])
    redirect_type = wtf.SelectField('Type', validators=[validators.Required()])
    redirect_method = wtf.SelectField('Method', validators=[validators.Required()])
    redirect_active = wtf.BooleanField('Is Active')
    redirect_filters_any = wtf.FieldList(wtf.FormField(FilterForm))
    redirect_filters_all = wtf.FieldList(wtf.FormField(FilterForm))

The form seems to display correctly and works fine until I add data to either redirect_filters_any or redirect_filters_all.

Is there a way to disable CSRF for the FieldList or pass a CSRF value to the FieldList? I want to keep CSRF protection enabled but cannot seem to get past this validation problem.

Here is the Jinja2 template:

{% extends "base.html" %}
{% set active_page = "endpoints" %}
{% block tail_script %}
<script src="/static/js/page/redirects.js"></script>
{% endblock %}
{% block content %}
<div class="row12">
    <div class="span12">
        <ul class="breadcrumb">
              <li><a href="{{ url_for('list_endpoints') }}">Endpoints</a> <span class="divider">/</span></li>
              <li><a href="{{ url_for('show_endpoint', id=endpoint_id) }}">{{endpoint_name}}</a> <span class="divider">/</span></li>
              {% if redirect_id != 'new' %}
              <li class="active">{{ form.redirect_name.data }}</li>
              {% else %}
              <li class="active">New</li>
              {% endif %}
        </ul>
        <form action="{{ url_for('edit_redirect', endpoint_id=endpoint_id, redirect_id=redirect_id) }}" class="form-horizontal" method="post">
            <legend>General</legend>
            {{ form.hidden_tag() }}
            <div class="control-group {% if form.redirect_name.errors %}error{% endif %}">
                <div class="control-label">{{ form.redirect_name.label }}</div>
                <div class="controls">
                    {{ form.redirect_name|safe }}
                    {% if form.redirect_name.errors %}
                    <span class="help-inline">
                         <ul class="errors">
                            {% for error in form.redirect_name.errors %}
                            <li>{{ error }}</li>
                            {% endfor %}
                        </ul>
                    </span>
                   {% endif %}
                </div>
            </div>
            <div class="control-group {% if form.redirect_type.errors %}error{% endif %}">
                <div class="control-label">{{ form.redirect_type.label }}</div>
                <div class="controls">
                    {{ form.redirect_type|safe }}
                    {% if form.redirect_type.errors %}
                    <span class="help-inline">
                         <ul class="errors">
                            {% for error in form.redirect_type.errors %}
                            <li>{{ error }}</li>
                            {% endfor %}
                        </ul>
                    </span>
                   {% endif %}
                </div>
            </div>
            <div class="control-group {% if form.redirect_active.errors %}error{% endif %}">
                <div class="control-label">{{ form.redirect_active.label }}</div>
                <div class="controls">
                    {{ form.redirect_active|safe }}
                    {% if form.redirect_active.errors %}
                    <span class="help-inline">
                         <ul class="errors">
                            {% for error in form.redirect_active.errors %}
                            <li>{{ error }}</li>
                            {% endfor %}
                        </ul>
                    </span>
                   {% endif %}
                </div>
            </div>
            <div class="control-group {% if form.redirect_method.errors %}error{% endif %}">
                <div class="control-label">{{ form.redirect_method.label }}</div>
                <div class="controls">
                    {{ form.redirect_method|safe }}
                    {% if form.redirect_method.errors %}
                    <span class="help-inline">
                         <ul class="errors">
                            {% for error in form.redirect_method.errors %}
                            <li>{{ error }}</li>
                            {% endfor %}
                        </ul>
                    </span>
                   {% endif %}
                </div>
            </div>
            <div class="control-group {% if form.redirect_url.errors %}error{% endif %}">
                <div class="control-label">{{ form.redirect_url.label }}</div>
                <div class="controls">
                    {{ form.redirect_url|safe }}
                    {% if form.redirect_url.errors %}
                    <span class="help-inline">
                         <ul class="errors">
                            {% for error in form.redirect_url.errors %}
                            <li>{{ error }}</li>
                            {% endfor %}
                        </ul>
                    </span>
                   {% endif %}
                </div>
            </div>
            <legend>Meet All Filters <a href="#" class="btn addAllFilter">Add</a></legend>
            <table class="stable-striped" id="all_filter_table">
                <tbody>
            {% for f in form.redirect_filters_all %}
                <tr style="vertical-align:top;">
                    <td>    
                        {{ f.filter_value }}
                        {% if f.filter_value.errors %}
                        <br>
                        <div class="control-group error">
                            <span class="help-inline">
                                 <ul class="errors">
                                    {% for error in f.filter_value.errors %}
                                    <li>{{ error }}</li>
                                    {% endfor %}
                                </ul>
                            </span>
                        </div>
                        {% endif %}
                    </td>
                    <td>    
                        {{ f.filter_operator }}
                        {% if f.filter_operator.errors %}
                        <br>
                        <div class="control-group error">
                            <span class="help-inline">
                                 <ul class="errors">
                                    {% for error in f.filter_operator.errors %}
                                    <li>{{ error }}</li>
                                    {% endfor %}
                                </ul>
                            </span>
                        </div>
                        {% endif %}
                    </td>
                    <td>    
                        {{ f.filter_compare_value }}
                        {% if f.filter_compare_value.errors %}
                        <br>
                        <div class="control-group error">
                            <span class="help-inline">
                                 <ul class="errors">
                                    {% for error in f.filter_compare_value.errors %}
                                    <li>{{ error }}</li>
                                    {% endfor %}
                                </ul>
                            </span>
                        </div>
                        {% endif %}
                    </td>
                    <td><a href="#" class="btn remove">Remove</a></td>
                </tr>
            {% endfor %}
                </tbody>
            </table>
            <legend>Meet Any Filters <a href="#" class="btn addAnyFilter">Add</a></legend>
            <table class="stable-striped" id="any_filter_table">
                <tbody>
            {% for f in form.redirect_filters_any %}
                <tr style="vertical-align:top;">
                    <td>    
                        {{ f.filter_value }}
                        {% if f.filter_value.errors %}
                        <br>
                        <div class="control-group error">
                            <span class="help-inline">
                                 <ul class="errors">
                                    {% for error in f.filter_value.errors %}
                                    <li>{{ error }}</li>
                                    {% endfor %}
                                </ul>
                            </span>
                        </div>
                        {% endif %}
                    </td>
                    <td>    
                        {{ f.filter_operator }}
                        {% if f.filter_operator.errors %}
                        <br>
                        <div class="control-group error">
                            <span class="help-inline">
                                 <ul class="errors">
                                    {% for error in f.filter_operator.errors %}
                                    <li>{{ error }}</li>
                                    {% endfor %}
                                </ul>
                            </span>
                        </div>
                        {% endif %}
                    </td>
                    <td>    
                        {{ f.filter_compare_value }}
                        {% if f.filter_compare_value.errors %}
                        <br>
                        <div class="control-group error">
                            <span class="help-inline">
                                 <ul class="errors">
                                    {% for error in f.filter_compare_value.errors %}
                                    <li>{{ error }}</li>
                                    {% endfor %}
                                </ul>
                            </span>
                        </div>
                        {% endif %}
                    </td>
                    <td><a href="#" class="btn remove">Remove</a></td>
                </tr>
            {% endfor %}
                </tbody>
            </table>
            {% if g.user.user_type == 'admin' %}
            <div class="control-group">
                <div class="controls">
                    <input class="btn btn-primary" type="submit" value="Save"/>
                    <a href="{{url_for('show_endpoint', id=endpoint_id)}}" class="btn">Cancel</a>
                </div>
            </div>
            {% endif %}
        </form>
    </div>
</div>
{% endblock %}

Solution

The issue seems to be that Flask-WTForms Form is actually a subclass of wtforms.ext.SecureForm - and the only way to disable the csrf protection on a form is to pass the keyword argument csrf_enabled=False to the form when constructing it. Since FormField actually handles instantiating the form, you can either:

  • Create a subclass of FormField that will let you pass in form keyword arguments
    or
  • Subclass wtforms.Form rather than flask.ext.wtforms.Form for your FilterForm (as long as you never display a FilterForm on its own you won't need to worry about CSRF).
