I have a small python/django web site and I'm using a html form POST some information, annoyingly however this information is stored in POST so when a user refreshes in say IE/chrome they get that warning message about the page containing POST data. How do I clear the POST data after it has been processed so a user can refresh and not see this warning message?
Also I have some logic as follows that detects a POST
if request.method == "POST":
do something
Select all
Open in new window
This is fine when I actually post the form, but when I refresh the page it also detects the POST and does the logic that I now dont want to do.
How can I solve this also??
Thanks
After form is validated and it is valid. Then do the redirect to some other page e.g. a success page or redirect to the same view. The redirection will avoid Double Form Submition problem. Read more about it here.
Use HttpResponseRedirect when you return the response for POST request. This is explained in tutorial 4 as
After incrementing the choice count, the code returns an HttpResponseRedirect rather than a normal HttpResponse. HttpResponseRedirect takes a single argument: the URL to which the user will be redirected (see the following point for how we construct the URL in this case).
As the Python comment above points out, you should always return an HttpResponseRedirect after successfully dealing with POST data. This tip isn't specific to Django; it's just good Web development practice.
As Rohan said, you should use HttpResponseRedirect. But also you can use a shortcut:
from django.shortcuts import redirect
def some_view(request):
if request.method == 'POST':
# do smth
return redirect('/page-with-form/')
Related
For logout I am using ready django.contrib.auth.LogoutView and everyone in their tutorials are creating a new url for example '/logout' and my question is how can I use that view without a new url page and html template? Plese use some code for views.py in your answers ;)
If you don't want any redirects at all and want to stay on the same page, like when you send an AJAX request then you can write your own view like this:
from django.contrib.auth import logout
from django.http import HttpResponse
def logout_view(request):
logout(request)
return HttpResponse('OK')
You don't have to route the /logout url to a template. You can redirect it to whatever page you want by using the next_page attribute (docs).
You can also look into setting a LOGOUT_REDIRECT_URL: https://docs.djangoproject.com/en/3.1/ref/settings/#logout-redirect-url.
I just started to learn Django by following a sentdex tutorial. During the course, we added a User model into our database and we created a function in our views.py file:
def register(request):
if request.method == "POST":
form = UserCreationForm(request.POST)
if form.is_valid():#si les champs sont OK :
user = form.save()
login(request, user)
return redirect("main:homepage")
else:
for msg in form.error_messages:
print(form.error_messages[msg])
But in this piece of code, I don't understand how Django knows if the request.method is True or False. Is it because I created a form with a Submit button in my template ?
Its impossible to say exactly what happens in your case since we don't have your HTML but in general:
When you create an HTML form, you can specify a method as follows <form method="POST"></form> or <form method="GET"></form>. If you don't specify the default is GET.
When you submit your form, it sends the data using an http request of the specified type. This is what Django is reading.
In this case, request.method simply represents the HTTP method that was used to access your view. For example, your register function might be assigned a url configuration such as: url(r'^register/', views.register), which maps an incoming HTTP request to your view. If you have a web form with a 'Submit' button, it's likely the web application code is submitting an HTTP POST request to your web server.
Django automatically constructs the request object for you, so you can check in your view how the request was made against the web server. For more info about what other things are included in the request, check the Django docs.
I would like to do the following:
I am displaying view1, with template1. There is a link to view2, rendering template2
The user clicks the link
When processing view2, an error occurs
Now come the interesting part: I want to cancel rendering of view2, activate an error message, and display the previous view1/template1 (a kind of redirection, but not quite) But in view2 I do not know that I was coming from view1, and I also probably do not have the context that I had when view1 was rendered
How can I re-render view1, with the error message genarated in view2, so that the user the only new thing that sees is that error message? The full template1 should be rendered as before, including any form values that the user has entered.
This is similar to form validation, but would happen in the destination view instead of the form view.
Is this at all doable, or am I trying to do something completely impossible?
There doesn't seem to be a way to "abort" a view, but you can get the behavior you want with the following pattern:
from django.contrib import messages
from django.shortcuts import redirect
def view1(request):
if request.method == 'GET':
initial_data = request.session.get('post_data', {})
form = MyForm(initial=initial_data)
...
def view2(request):
...
if error:
request.session['post_data'] = request.POST
messages.add_message(request, messages.ERROR, "Oops!")
return redirect(request.META.get('HTTP_REFERER', '/'))
See this stack post for why preserving the POST data is painful and alternative ways of doing so.
Referring from the form topic of django documentation, if in a view function I write,
if form.is_valid():
return HttpResponseRedirect('/thanks/')
And in the form template I give the action like,
<form action="/your-name/" method="post">
Then on submit the form will go to the view mapped tho /your-name/ url in urls.py but what about the HttpResponseRedirect('/thanks/') line in the function from where I rendering the form? If a form is valid then I save the form. but what will be the url in the action of the form. now def get_name(request): is the function mapped to /user/ url. I hope you understand my confusion here. need some help.
This is an exemple of the "post redirect get" pattern - if a post is succesfull (the form was valid and the processing went ok), it's good practice to return a redirect, which will be followed by a get from the user-agent on the url you redirected to. It avoids multiple submissions if the user try to reload the page.
Where you redirect to is up to you - you can just redirect to the same view (usually displaying a success message to the user), or redirect to another view.
As a side note: hardcoding urls is a bad practice in Django, you should use the url reverse feature instead.
I have an iPhone application from which I would like to call a post service passing parameters in its request, doing so caused a server error 500.
I have read Django documentation here and I still haven't figure out how to get a csrf_token and how to add it to the AFNetworking AFHTTPRequestOperationManager POST method.
On the server side I've added django.middleware.csrf.CsrfViewMiddleware in the MIDDLEWARE_CLASSES section, but it doesn't seem to do the trick.
My view looks like this; I am not doing much, just hoping to pass.
from django.core.context_processors import csrf
from django.shortcuts import render_to_response
def foo(request):
c={}
c.update(csrf(request))
if request.method == 'POST':
return HttpResponseRedirect("Post received");
The Django CSRF Middleware uses cookies and forms and whatnot to send a code to the page, then make sure the correct page is the one sending information back. In both cases, you must do a GET request to the server, and if you have the middleware installed correctly, it will put the CSRF token into a cookie for you.
Check out the documentation for more info on this.
Now, I noticed you're using a library that uses NSURLConnection, so that should handle cookies for you. I got this bundle of code (untested) that lets you pull the cookie name that you specify in your settings file (again, check out the documentation link above) then put that in your POST.
NSArray *cookies = [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookiesForURL: networkServerAddress];
for (NSHTTPCookie *cookie in cookies)
{
// get the right cookie
}
Of course, if you're only making POSTs and never GETs first, you don't have a CSRF token to send!
And that's why we have the #csrf_exempt tag. (Docs here) This is the way to go 99% of the time, since most apps you won't do a GET before you do a POST. (in webpages you have to do a GET first). Note that this is intended only when an app is sending only POSTs and there's no session to speak of. You really need to think about your own security when using this, and how you verify that a given app/user really is who they claim to be. And how you disable people from hitting this URL from a webbrowser.
TLDR: Probably use #csrf_exempt on the view, but be careful.