modifying a boolean field (mysql) causes a csrf-token error #1861
Comments
I have come across a similar issue and I think there is a clash between

The following is the code of a simple Flask web application that is using Flask-Admin for CRUD operations on user data.

```python
from flask import Flask, render_template, redirect
from flask_wtf import FlaskForm
from wtforms import StringField
from wtforms.validators import DataRequired
from flask_wtf.csrf import CSRFProtect
from flask_sqlalchemy import SQLAlchemy
from flask_admin import Admin
from flask_admin.contrib.sqla import ModelView
from flask_admin.form import SecureForm


class MyForm(FlaskForm):
    name = StringField('name', validators=[DataRequired()])


app = Flask(__name__)
app.secret_key = "Some Secret key!"
csrf = CSRFProtect(app)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///test.db'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
db = SQLAlchemy(app)
admin = Admin(app)


class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)
    email = db.Column(db.String(120), unique=True, nullable=False)
    status = db.Column(db.Boolean, nullable=True)

    def __repr__(self):
        return '<User %r>' % self.username


class UserView(ModelView):
    form_base_class = SecureForm  # very important to secure the forms
    page_size = 50  # the number of entries to display on the list view
    column_editable_list = ["username", "email", 'status']
    # show create and edit pages as modal windows instead of new windows
    create_modal = True
    edit_modal = True
    can_view_details = True
    details_modal = True


admin.add_view(UserView(User, db.session))


@app.route("/")
def hello_world():
    return "<p>Hello, World!</p>"


@app.route('/submit', methods=['GET', 'POST'])
def submit():
    form = MyForm()
    if form.validate_on_submit():
        return redirect('/success')
    return render_template('submit.html', form=form)


@app.route('/success')
def success():
    return "<p>Hello, The transaction was successful!</p>"


if __name__ == '__main__':
    app.run()
```

And this is my template file for the /submit endpoint.

```html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<form method="POST">
    {{ form.csrf_token }}
    {{ form.name.label }} {{ form.name(size=20) }}
    <input type="submit" value="Go">
</form>
</body>
</html>
```

The code that I have presented above will produce the following error as also shown in the picture:

```html
<!doctype html>
<html lang=en>
<title>400 Bad Request</title>
<h1>Bad Request</h1>
<p>The CSRF token is invalid.</p>
```
My model has a boolean field (`is_admin`). I add it to the `column_editable_list`, but when I modify its value, the response returns an error code `400` with the error message `The CSRF token is missing`.