We Keep Coding

django.core.exceptions.SuspiciousFileOperation: The joined path is located outside of the base path comp

raise SuspiciousFileOperation(
[20/Jun/2022 15:21:10] "GET /static/assets/img/logos/facebook.svg HTTP/1.1" 404 1846
-- this the error -->
django.core.exceptions.SuspiciousFileOperation: The joined path (S:\cdn.startbootstrap.com\sb-forms-latest.js) is located outside of the base path component (C:\Users\Nishant\Envs\work\lib\site-packages\django\contrib\admin\static) <--
[20/Jun/2022 15:21:10] "GET /static/assets/img/about/2.jpg HTTP/1.1" 404 1825
[20/Jun/2022 15:21:10] "GET /static/assets/img/logos/google.svg HTTP/1.1" 404 1840
[20/Jun/2022 15:21:10] "GET /static/assets/img/about/3.jpg HTTP/1.1" 404 1825
[20/Jun/2022 15:21:10] "GET /static/https%3A/cdn.startbootstrap.com/sb-forms-latest.js HTTP/1.1" 500 59
[20/Jun/2022 15:21:10] "GET /static/assets/img/team/1.jpg HTTP/1.1" 404 1822
[20/Jun/2022 15:21:10] "GET /static/assets/img/about/4.jpg HTTP/1.1" 404 1825
[
[
i am having this error that path is located outside of the base path and i also uploaded all my file in github link is given below :
]github github link
]screenshort screenshort of error which i get --> settings.py<--
{here is the SS of path or line which get error}
]
*

Flask 405 error with valid route when not accessing request data

I'm getting a 405 error when I don't actually use a request body for successive identical requests.
Example:
app = Flask(__name__)
CORS(app)
#app.route("/login", methods=["POST"])
def login():
return jsonify({'success': True})
Request body is pretty simple:
{'username': 'foo', 'password': 'bar'}
Flutter code generating request:
http.Response response = await http.post(
Uri.parse("http://127.0.0.1:5000/login"),
headers: <String, String>{
'Content-Type': 'application/json; charset=UTF-8',
},
body: jsonEncode(<String, String>{
'username': username,
'password': username,
}),
);
Term output:
127.0.0.1 - - [10/May/2022 05:37:36] "OPTIONS /login HTTP/1.1" 200 -
127.0.0.1 - - [10/May/2022 05:37:36] "POST /login HTTP/1.1" 200 -
127.0.0.1 - - [10/May/2022 05:37:41] "{"username":"foo","password":"bar"}POST /login HTTP/1.1" 405 -
127.0.0.1 - - [10/May/2022 05:37:55] "{"username":"foo","password":"bar"}OPTIONS /login HTTP/1.1" 405 -
This is greatly simplified, but is enough to produce the expected error.
However, this Flask code does not generate the same error:
#app.route("/login", methods=["POST"])
def login():
print(request.json['username'])
return jsonify({'success': True})
And term output:
127.0.0.1 - - [10/May/2022 05:58:54] "POST /login HTTP/1.1" 200 -
127.0.0.1 - - [10/May/2022 06:08:16] "OPTIONS /login HTTP/1.1" 200 -
foo
127.0.0.1 - - [10/May/2022 06:08:16] "POST /login HTTP/1.1" 200 -
foo
127.0.0.1 - - [10/May/2022 06:08:16] "POST /login HTTP/1.1" 200 -
foo
I realize this is a stupid scenario, because when wouldn't you actually use the data? I just ran into this while tinkering and lost an hour figuring out why it was throwing the error.
My question is: Why does it throw a 405 error and what is the actual difference? Does the data persist between requests if you don't access it? Is this intended functionality, and is there documentation that covers this?

This was fixed in Werkzeug 2.1.2: https://github.com/pallets/werkzeug/issues/2397

Why does Django's HTTPResponseRedirect use the same HTTP method for PUT but not POST?

I have a Django project where I'm using a view to handle different HTTP methods. The POST handled the creation of an object and then redirected to the same view as a GET (or so I thought), using Django's redirect() shortcut (HTTPResponseRedirect) to return the newly created object. This worked fine. I tried the same thing with a PUT but I fell into a redirect loop. After scratching my head for a while I stumbled across this SO answer and then I inferred that since redirect doesn't handle the POST data, the request turns into a GET.
I confirmed this by watching the logs when I do the redirect from a POST:
[15/Dec/2014 00:47:43] "POST /client/151/ HTTP/1.1" 302 0
[15/Dec/2014 00:47:43] "GET /client/151/ HTTP/1.1" 200 395
However the PUT stays a PUT and throws me into a redirect loop until it errors out.
[14/Dec/2014 23:07:36] "PUT /api/asset/6779 HTTP/1.1" 301 0
[14/Dec/2014 23:07:37] "PUT /api/asset/6779/ HTTP/1.1" 302 0
[14/Dec/2014 23:07:37] "PUT /api/asset/6779 HTTP/1.1" 301 0
[14/Dec/2014 23:07:38] "PUT /api/asset/6779/ HTTP/1.1" 302 0
[14/Dec/2014 23:07:38] "PUT /api/asset/6779 HTTP/1.1" 301 0
[14/Dec/2014 23:07:39] "PUT /api/asset/6779/ HTTP/1.1" 302 0
[14/Dec/2014 23:07:39] "PUT /api/asset/6779 HTTP/1.1" 301 0
[14/Dec/2014 23:07:40] "PUT /api/asset/6779/ HTTP/1.1" 302 0
[14/Dec/2014 23:07:40] "PUT /api/asset/6779 HTTP/1.1" 301 0
[14/Dec/2014 23:07:41] "PUT /api/asset/6779/ HTTP/1.1" 302 0
[14/Dec/2014 23:07:41] "PUT /api/asset/6779 HTTP/1.1" 301 0
[14/Dec/2014 23:07:42] "PUT /api/asset/6779/ HTTP/1.1" 302 0
Shouldn't the redirect use GET? I understand what's going on but not sure why? What gives?
EDIT
# urls.py
url(r'^$', views.put_vs_post_redirect),
# views.py
from django.shortcuts import redirect
def put_vs_post_redirect(request, asset_id):
if request.method == 'GET':
return HTTPResponse('Get request')
elif request.method == 'POST':
return redirect('/')
elif request.method == 'PUT':
return redirect('/')

As mentioned in the comments, this is entirely dependent on the client, and not all clients handle redirects in the same way. You can find a decent explanation of the redirect codes and why a 301 should drop POST data on Stack Overflow.
When working with a 301 (and often a 302) redirect, most browsers will discard POST data and make a GET request. This is mostly because browsers have always done this, and POST requests most commonly come from web forms, so it makes sense that the redirect results in a GET, allowing for the browser to display a different page without interfering. This is not the case for things like PUT or PATCH requests, as they cannot currently be sent by web forms and typically play by different rules.
If you are looking to maintain the POST data on a 302 redirect, you should consider using a 307 redirect instead. A 307 request should maintain the request method, and the request body as a result.
If you are looking to maintain the POST data in a 301 redirect, there is currently a draft for a 308 status code that would work like the 307, but be permanent.
You can force the redirect to use a GET request with a 303 redirect. It works very much like a 302, but it enforces that the request method is always a GET request. It's often used in APIs for asynchronous tasks.

/socket.io/* 404 not found flask

I am trying to get socketio working correctly. When I load my page with following javascript. It tries to pull the socket.io page as expected but get a 404 not found each time.
<div id="result"></div>
<script src="//code.jquery.com/jquery-1.11.0.min.js"></script>
<script src="//code.jquery.com/jquery-migrate-1.2.1.min.js"></script>
<script src="https://cdn.socket.io/socket.io-1.2.1.js"></script>
<script>
$(function(){
var socket = io.connect('/endpoint');
// on receive append data.sound and linebreak to result id on page
socket.on('receive', function(data){
$('#result').append(data.mytext);
});
$('form#emit').submit(function(event) {
socket.emit('submit', {account: $('#account').val(),
...
Here is the flask endpoint for the socketIO to use
#app.route('/socket.io/<path:remaining>')
def iocg(remaining):
from websocketinstructions import WebSocketInstructions
socketio_manage(request.environ, {'/endpoint': WebSocketInstructions}, request)
return 'done'
127.0.0.1 - - [2014-11-24 15:29:05] "GET /socket.io/?EIO=3&transport=polling&t=1416864545405-114 HTTP/1.1" 404 342 0.002768
127.0.0.1 - - [2014-11-24 15:29:06] "GET /socket.io/?EIO=3&transport=polling&t=1416864546666-4 HTTP/1.1" 404 342 0.002745
127.0.0.1 - - [2014-11-24 15:29:10] "GET /socket.io/?EIO=3&transport=polling&t=1416864550413-115 HTTP/1.1" 404 342 0.003090
127.0.0.1 - - [2014-11-24 15:29:11] "GET /socket.io/?EIO=3&transport=polling&t=1416864551672-5 HTTP/1.1" 404 342 0.003325
127.0.0.1 - - [2014-11-24 15:29:15] "GET /socket.io/?EIO=3&transport=polling&t=1416864555419-116 HTTP/1.1" 404 342 0.003315
127.0.0.1 - - [2014-11-24 15:29:16] "GET /socket.io/?EIO=3&transport=polling&t=1416864556678-6 HTT P/1.1" 404 342 0.002707
127.0.0.1 - - [2014-11-24 15:29:20] "GET /socket.io/?EIO=3&transport=polling&t=1416864560425-117 HTTP/1.1" 404 342 0.002710
127.0.0.1 - - [2014-11-24 15:29:21] "GET /socket.io/?EIO=3&transport=polling&t=1416864561684-7 HTTP/1.1" 404 342 0.003227

First, check if the link to the CDN is valid. If doesn't work, change it to a new link from here, for example:
https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.3.5/socket.io.min.js

bottle - static files causing 303 errors

I am experimenting in Bottle/MongoDB extending the Blog Engine from one of the MongoDB University Courses.
I have added a header & footer template and added some simple JS, CSS and an image. These work fine on all the templates other than show_post view. The way that it seems to be set up is that the value passed in to the function includes the static files (css, js & png) as well as the URL variable for the blog post itself.
The values from the python console are:
about to query on permalink = TLxrBfyxTZjqOKqxgnUP
1.0.0.127.in-addr.arpa - - [25/Feb/2014 15:08:09] "GET /post/TLxrBfyxTZjqOKqxgnUP HTTP/1.1" 200 37682
about to query on permalink = style.css
1.0.0.127.in-addr.arpa - - [25/Feb/2014 15:08:09] "GET /post/style.css HTTP/1.1" 303 0
about to query on permalink = blog.js
1.0.0.127.in-addr.arpa - - [25/Feb/2014 15:08:09] "GET /post/blog.js HTTP/1.1" 303 0
about to query on permalink = BL_logo.png
1.0.0.127.in-addr.arpa - - [25/Feb/2014 15:08:09] "GET /post/BL_logo.png HTTP/1.1" 303 0
1.0.0.127.in-addr.arpa - - [25/Feb/2014 15:08:09] "GET /post_not_found HTTP/1.1" 200 21
1.0.0.127.in-addr.arpa - - [25/Feb/2014 15:08:09] "GET /post_not_found HTTP/1.1" 200 21
1.0.0.127.in-addr.arpa - - [25/Feb/2014 15:08:09] "GET /post_not_found HTTP/1.1" 200 21
The code in question is:
# Displays a particular blog post
#bottle.get("/post/<permalink>")
def show_post(permalink="notfound"):
cookie = bottle.request.get_cookie("session")
username = sessions.get_username(cookie)
permalink = cgi.escape(permalink)
print "about to query on permalink = ", permalink
post = posts.get_post_by_permalink(permalink)
if post is None:
bottle.redirect("/post_not_found")
# init comment form fields for additional comment
comment = {'name': "", 'body': "", 'email': ""}
return bottle.template("entry_template", dict(post=post, username=username, errors="", comment=comment))
How can I prevent the function being called at all if the 'permalink' is a file rather than a value from a query string?
Thanks,
Mark
ANSWER
With many thanks to Ron's answer below for pointing me in the right direction.
My error was down to the path to the static files being incorrect. I made the path dynamic by importing os and then changed the root value to os.path.join(os.getcwd(), 'static/js') and made the filepaths in my header.tpl absolute, e.g."/style.css".
#bottle.get('/<filename:re:.*\.css>')
def stylesheets(filename):
rootPath=os.path.join(os.getcwd(), 'static/css')
return bottle.static_file(filename, root=rootPath)

Because you've placed your assets under /post, they're conflicting with your /post/<permalink> route.
Typically, you would serve your assets (css, js, png) from their own directory; something like /static/css/foo.css. That's what I'd recommend here.
Something along the lines of this:
#bottle.get("/post/<permalink>")
def show_post(permalink="notfound"):
# code to generate a post page goes here
#bottle.get("/static/<file_name:path>"):
def static_file(file_name):
return bottle.static_file(file_name, "/full/path/to/your/static/file/root/")
The relevant Bottle docs are here; or see one of the many posts describing how to serve static file from Bottle.