我要发送一个' POST'请求并从python后端捕获它。我使用flask python框架。实际上,我正在对已经开发的应用程序进行更改。
在模板中我找到了生成相关html的代码。
<div class="body">
<p>
Upload files for the customer {{customer.CustomerName}}.
</p>
<p>
</p>
<form method="POST" action="/admin/customers/{{ customer.ID }}/file_uploading/">
<!-- <input type="file" name="pdfFiles"> -->
<br><br>
<!-- <input type="submit" value="Upload" name="submit"> -->
<button type="submit" class="btn btn-transparent">Upload</button>
</form>
</div>
在这里,我尝试捕获POST请求。
@app.route('/admin/customers/<cust_id>/<action>/', methods=[ 'GET', 'POST' ])
@login_required
def main_admin_customers(cust_id=None, action=None, subaction=None):
if cust_id == None:
c = customers.customer_details()
return render_template('admin_customers_list.html',
customers=c.list_customers())
else:
if cust_id.isdigit():
cust_id = int(cust_id)
c = customers.customer_details(customerid=cust_id)
cust_data = c.retrieve_customer()
if cust_data == None:
return error_message(message='No such customer.')
else:
user = request.cookies['username']
if action == None:
s = scheduling.schedule(customer_id=cust_id)
return render_template('admin_customers_view.html')
# file uploading
# if the action is file_upload and required file is there
# upload it to the file server.
# file url and relevent information should be store in the database
# files will be categorise for each customer from their ID.
elif action == 'file_uploading':
return redirect(url_for('main_admin_customers',
cust_id=cust_id))
# Simple asset creation
elif action == 'create_asset':
pass
但是,我收到以下错误
Forbidden
You don't have the permission to access the requested resource. It is either read-protected or not readable by the server.
但是,当我调试代码时,只要我提交表单,就会收到上面的错误消息。它甚至没有达到main_admin_customers
的断点。
我在这里做的错误是什么?
答案 0 :(得分:1)
以下页面说明原因。基本上,我需要包含csrf令牌。 https://flask-wtf.readthedocs.org/en/latest/csrf.html
If the template has a form, you don’t need to do any thing. It is the same as before:
<form method="post" action="/">
{{ form.csrf_token }}
</form>
But if the template has no forms, you still need a csrf token:
<form method="post" action="/">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
</form>