« Rev
@django   370
Fwd »


Anonymous
Yeah, I thought of that But this field is like tags= TaggableManager() And it's not required by database But the form does not understand
Anonymous
But I have no other field for that
Anonymous
And it works when I give it tag
Mirco
And it works when I give it tag
but it's not that field, it's the ManyToMany Field or OneToMany Field that raise validation error
Anonymous
Hi everyone! among class based views and function based views which one is better to use?
inchidi
Hi everyone! among class based views and function based views which one is better to use?
it depends, i think its like baking cookies. if you want to bake only 5/10 cookies then you dont need many or maybe you dont need any cookie mold. but when you want to bake >100 cookies, preparing 10-20 cookie mold will make your cookies better for sure
Anonymous
I'm new to web development so I'm not sure about this But I don't like CBVs. imagine you want to add a simple placeholder to text area or input, you have to override something Now in a simple project CBVs makes things really easy but in a practical project I think you will have to override everything to satisfy customer needs and you will end up with same amount of code
Anonymous
I use CBV to not have my own form If you have a form then it's totally different story. It's like you have overridden whole form
Sagar
In view I've created a method with "request" parameter and the import option shows flask. request. Isn't it strange
Bhupesh
https://stackoverflow.com/questions/55531415/connecting-django-cms-with-firebase-console Any solutions??
Сергей
hi, how can I awoid from error django.security.csrf._reject:160 Forbidden (CSRF token missing or incorrect.): /accounts/login/ after fast few click on button sigh in?
Сергей
Yes, if I click one time it`s work properly
Mirco
Yes, if I click one time it`s work properly
Explain better the use case
Сергей
ok, I type login and password then click on button in this case all works, but if I click fast few time on button I got the error
Сергей
of cause
Mirco
mmm that's strange
Сергей
I agree
Mirco
I agree
it's a workaround , but you can disable login button after one click
Сергей
I thinkin about it but I wanna resolve this problems
inchidi
I agree
i think thats not strange, you click multiple times, means you send multiple request. crsf token only valid once, so server denied all except first requests.
inchidi
i guess you are using javascript instead form action to handle that post login request?
Сергей
no, I don`t use js in this case
inchidi
mmm that's strange
inchidi
haha, try share your code
Сергей
I use allauth with custom form
Сергей
it`s the login method
Сергей
def login(self, request, redirect_url=None): ret = perform_login(request, self.user, email_verification=app_settings.EMAIL_VERIFICATION, redirect_url=redirect_url) remember = app_settings.SESSION_REMEMBER if remember is None: remember = self.cleaned_data['remember'] if remember: request.session.set_expiry(app_settings.SESSION_COOKIE_AGE) else: request.session.set_expiry(0) return ret
Сергей
I wanna me show html source?
Сергей
http://dpaste.com/3NZMCFJ
Сергей
or django template http://dpaste.com/385BACM
inchidi
or django template http://dpaste.com/385BACM
hmm so you are pretty sure no event triggered on form submit/button clicked right? then i think mirco answer is the way https://t.me/django/35378
inchidi
but you can make sure by inspect element >> network and see how many request sent when you click login button quickly
inchidi
if only one request made, then i think there's a big chance that the problem is on page load (when you GET that page) and get the csrf token instead when POST sent
Сергей
there is many request but no ajax
inchidi
there is many request but no ajax
many requests to /accounts/login/?
Сергей
right
inchidi
and all using same csrf token?
Сергей
yes
Сергей
I solved this problem by adding CSRF_FAILURE_VIEW = 'core.backend_auth.csrf_failure' to settings.py and
Сергей
def csrf_failure(request, reason=""): redirect_to = '/accounts/login/' return HttpResponseRedirect(redirect_to)
Сергей
if I understand right in documentation django says that it`s normal case
inchidi
I solved this problem by adding CSRF_FAILURE_VIEW = 'core.backend_auth.csrf_failure' to settings.py and
you do realize that if user already logged in, they input on a form, and the csrf token rejected they will be redirected to login page right?
inchidi
if I understand right in documentation django says that it`s normal case
yeah, the "not normal" part is you didnt handle your request to use the token only once
Сергей
right
inchidi
is it meaning that token live small?
did you mean have "short lifetime"?
Сергей
yes I did, sorry for my english
inchidi
yes I did, sorry for my english
true, do you understand what csrf token for? want me to explain what csrf token for?
Сергей
I love english but have little practice
Сергей
yes I understand, tocken provide protection from cors
inchidi
yes I understand, tocken provide protection from cors
no, you dont protect someone from cors
Сергей
I busy some time
inchidi
I busy some time
the point is, csrf token should not be reusable. one request use one csrf token, and after csrf token used, it will be invalid
Сергей
I understud
Michail
how i can enable quotes escaping in my JSON output? if my model field is text and it contains ", quotes it brakes my frontend
cj
if you're using DRF it should be escaped automatically too
Michail
👆
ah
Michail
aparently not by default
inchidi
aparently not by default
it does, you just need to use it properly
Michail
i define a field like this -     text = models.CharField(max_length=500, null=False, - maybe this is wrong ?
cj
despite the unnecesary default args, it looks good
Michail
ill try to appy those and see if that helps
Manish
In production when debug is False static files not loading plz help
« Rev
@django   370
Fwd »