Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

400: Bad Request in submit the form #10139

Closed
kartikdanidhariya opened this issue Dec 18, 2015 · 8 comments
Closed

400: Bad Request in submit the form #10139

kartikdanidhariya opened this issue Dec 18, 2015 · 8 comments

Comments

@kartikdanidhariya
Copy link

hi i created one custom app in odoo v9
created model view and controller also but when i submit the form it display 400:bad request error

my model id

class ChangeAddress(BaseModel):

    _name = 'consulate.changeadress'

    first_name = fields.Char('First Name')
    last_name = fields.Char('Last Name')
    old_address = fields.Text('Old Address')
    new_address = fields.Text('New Address')
    home_tel = fields.Char('Home Tel')
    work_tel = fields.Char('Work Tel')
    email = fields.Char('Email')

my controller for add address is

def new(self, **form_data):
        form = ChangeAddressForm(request.httprequest.form)
        if request.httprequest.method == 'POST' and form.validate():
            posts = request.env['consulate.changeadress']
            posts.create({
                'first_name': form_data.get('first_name', ''),
                'last_name': form_data.get('last_name', ''),
                'old_address': form_data.get('old_address', ''),
                'new_address': form_data.get('new_address', ''),
                'home_tel': form_data.get('home_tel', ''),
                'work_tel': form_data.get('work_tel', ''),
                'email': form_data.get('email', ''),

            })
            print "posts created"
            return redirect("/change/")
        return request.render('change_address_form.change_address', {'form': form})

for that my view is

<openerp>
    <data>
    <template id="field_render" name="Render Form Field">
        <div t-attf-class="form-group {{ field.errors and 'has-error' or '' }}">
        <t t-raw="field.label" />
        <t t-raw="field(class_='form-control')" />
        <span t-foreach="field.errors" t-as="error" class="help-block">
            <t t-esc="error" />
        </span>
        </div>
    </template>

    <template id="change_address" name="Change Address">
        <t t-call="website.layout">
            <div class="row">
                <div class="col-md-6 col-md-offset-2">
                    <!--<form role="form" action="/change/address/" method="POST">-->
                    <!--<form role="form" action="/change/new" method="POST">-->
                    <form role="form" action="." method="POST">
                        <t t-foreach="form" t-as="field">
                            <t t-call="change_address_form.field_render"/>
                        </t>
                        <button type="submit" class="btn btn-primary mt8">Save</button>
                    </form>
                </div>
            </div>
        </t>
    </template>

so now form is render properly in template but when i submit the form it return
"400: Bad Request" error
how can i solve this error
please help!!!
@xmo-odoo
Copy link
Collaborator

You are triggering CSRF protection and need to add a CSRF token to your form.

@kartikdanidhariya
Copy link
Author

@xmo-odoo Thanks it work for me
for time being i have set csrf=false but can you please tell me how to get and pass csrf token so it can be more secure.

@xmo-odoo
Copy link
Collaborator

Just add a hidden <input type="hidden" name="csrf_token" t-att-value="request.csrf_token()"/> input inside your form (generally right after the form element itself)

@kartikdanidhariya
Copy link
Author

Thanks for your quick reply, it works for me
but currently i used odoo v9 in ubuntu and when i try to install same module in windows system in odoo v9 so it return
error like "import error : no module installed wtform"

after that i install wtform in my windows using "pip install WTForm"
but it still return same error
so how can i solve this error
please help!!!

@xmo-odoo
Copy link
Collaborator

To my knowledge, neither Odoo nor any of the standard modules use wtforms, so I have no idea. Check the traceback and try to see what tries to import wtform. The package is called wtforms with an S though.

@xmo-odoo xmo-odoo mentioned this issue Dec 21, 2015
Closed
2 tasks
xmo-odoo added a commit that referenced this issue Dec 21, 2015
@xmo-odoo
[IMP] csrf: better warning and documentation
8595bc2 
After initial implementation CSRF protection had been left poorly
documented tripping up users and developers (#9538, #10139).

Add a warning in the logs for developers, and a more extensive
explanation of the whole thing in the @route docstring (and the official
documentation).

Fixes #10158
@kartikdanidhariya
Copy link
Author

Thanks for your reply
and sorry for this stuff i am new to this community so don’t have enough idea about this community

@happilymarrieddad
Copy link

@xmo-odoo is there a way to disable the CSRF protection? I'm trying to use the service via API and I want to be able to post to the server with tools like Postman and programatically with HTTP packages in Go. Thanks!

@xmo-odoo
Copy link
Collaborator

xmo-odoo commented Oct 11, 2018
edited

@happilymarrieddad no. If you're writing your own endpoint, you can disable CSRF for it but that's mostly for things like API callbacks/webhooks (e.g. integration with Paypal or the like) which usually implement their own security.

If you're trying to interact with Odoo programmatically, the proper way to do so is to use the XML-RPC API.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@happilymarrieddad @xmo-odoo @kartikdanidhariya