当发送帖子请求时,您无权访问所请求的资源错误

时间:2015-02-20 22:28:46

标签: python flask

我要发送一个' POST'请求并从python后端捕获它。我使用flask python框架。实际上,我正在对已经开发的应用程序进行更改。

在模板中我找到了生成相关html的代码。 

<div class="body">
                    <p>
                        Upload files for the customer {{customer.CustomerName}}.
                    </p>
                    <p>

                    </p>

                    <form method="POST"  action="/admin/customers/{{ customer.ID }}/file_uploading/">

                        <!--   <input type="file" name="pdfFiles"> -->

                            <br><br>
                     <!--     <input type="submit" value="Upload" name="submit"> -->
                            <button type="submit" class="btn btn-transparent">Upload</button>
                    </form>



</div>

在这里,我尝试捕获POST请求。

@app.route('/admin/customers/<cust_id>/<action>/', methods=[ 'GET', 'POST' ])
@login_required
def main_admin_customers(cust_id=None, action=None, subaction=None):
 if cust_id == None:
        c = customers.customer_details()
        return render_template('admin_customers_list.html', 
            customers=c.list_customers())
    else:
        if cust_id.isdigit():
            cust_id = int(cust_id)
            c = customers.customer_details(customerid=cust_id)
            cust_data = c.retrieve_customer()
            if cust_data == None:
                return error_message(message='No such customer.')
            else:
                user = request.cookies['username']


                if action == None:
                    s = scheduling.schedule(customer_id=cust_id)
                    return render_template('admin_customers_view.html')               

                # file uploading 
                # if the action is file_upload and required file is there
                # upload it to the file server. 
                # file url and relevent information should be store in the database
                # files will be categorise for each customer from their ID.

                elif action == 'file_uploading':
                    return redirect(url_for('main_admin_customers', 
                        cust_id=cust_id))





                 # Simple asset creation 
                elif action == 'create_asset':
                    pass

但是,我收到以下错误

Forbidden

You don't have the permission to access the requested resource. It is either read-protected or not readable by the server.

但是,当我调试代码时,只要我提交表单,就会收到上面的错误消息。它甚至没有达到main_admin_customers的断点。

我在这里做的错误是什么?

1 个答案:

答案 0 :(得分:1)

以下页面说明原因。基本上,我需要包含csrf令牌。 https://flask-wtf.readthedocs.org/en/latest/csrf.html 

If the template has a form, you don’t need to do any thing. It is the same as before:

<form method="post" action="/">
    {{ form.csrf_token }}
</form>

But if the template has no forms, you still need a csrf token:

<form method="post" action="/">
    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
</form>
相关问题
最新问题