Using Flask and WTForms, how should a server variable be referenced so that it can be modified when the form is submitted with POST?

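Problem description

If I want to operate on "next_object", what needs to be done to the code below to allow the object, or the object's id, to be passed back to "send_and_receive():" using the post method?

To head off those who want to immediately reference a duplicate that does this in an insecure way, I require that this be done with POST, not GET.

routes.py code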

@app.route('/statistics',methods=['POST'])
def send_and_receive():
    reference_form = ReferenceForm()
    if reference_form.object_approved.data:
        library.approve_object(??reference_object_id_or_object??)
        return redirect('index')
    if reference_form.object_rejected.data:
        library.reject_object(??reference_object_id_or_object??)
        return redirect('index')
    next_object = library.get_next()
    return render_template('site.html',reference_form=reference_form,next_object=next_object)

site.html

{% extends "base.html" %}

{% block content %}
<form  action="" method="post">
  <p>{{next_object.string()}}</p>
  <p>{{ reference_form.object_approved() }}</p>
  <p>{{ reference_form.object_rejected() }}</p>
</form>

{% endblock %}

Forms.py code

class ReferenceForm(FlaskForm):
    object_approved = SubmitField("Approve")
    object_rejected = SubmitField("Reject")

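Solution

Make sure you have set the SECRET_KEY of your application and rendered the hidden fields in your html template, including the automatically added (see documentation) csrf_token hidden field.

A simple example: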

app.py

from flask import Flask,render_template,flash
from flask_wtf import FlaskForm
from wtforms import SubmitField,HiddenField


class ReferenceForm(FlaskForm):
    object_id = HiddenField()
    object_approved = SubmitField("Approve")
    object_rejected = SubmitField("Reject")


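app = Flask(__name__)
# Demo value only; the CSRF token is signed with this key
app.config['SECRET_KEY'] = '123456790'


@app.route('/', methods=['GET', 'POST'])
def index():
    _form = ReferenceForm()

    if _form.validate_on_submit():
        # object_id now holds the value posted back from the hidden field
        flash('Object ID:{}'.format(_form.object_id.data))
        print(_form.object_approved.data)
        print(_form.object_rejected.data)
        print(_form.object_id.data)
        # process form blah blah
        # would be usual to return a redirect here

    # Set the id to render into the hidden field. Done after the submit
    # handling so it does not overwrite the posted value.
    _form.object_id.data = 42

    return render_template('index.html', reference_form=_form)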


if __name__ == '__main__':
    app.run()

index.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
{% with messages = get_flashed_messages() %}
  {% if messages %}
    <ul class=flashes>
    {% for message in messages %}
      <li>{{ message }}</li>
    {% endfor %}
    </ul>
  {% endif %}
{% endwith %}

<form action="" method="post">
    {{ reference_form.object_id() }}
    {{ reference_form.csrf_token() }}

    <p>{{ reference_form.object_approved() }}</p>
    <p>{{ reference_form.object_rejected() }}</p>
</form>


</body>
</html>

Note how the html gets rendered, especially the two hidden fields, object_id and csrf_token:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>

  


<form action="" method="post">
    <input id="object_id" name="object_id" type="hidden" value="42">
    <input id="csrf_token" name="csrf_token" type="hidden" value="IjBjNGIwNWE2NDA5NDVmZjhiMjU3Y2E5YTIwY2QwMGVlMTMxYzViYzUi.X0oupA.g9KjI79vZvfEIW1mwzR7nvHc6Yc">

    <p><input id="object_approved" name="object_approved" type="submit" value="Approve"></p>
    <p><input id="object_rejected" name="object_rejected" type="submit" value="Reject"></p>
</form>


</body>
</html>