migration to sanic-wtf 0.4.0 about sanic-mdl-blog HOT 7 CLOSED

awesome, thanks for letting me know. Seems you may have been right, never fully tested it just added it cause I could. I'm updating my code. However, seems you broke form.validate() 😢

from sanic-mdl-blog.

Could you elaborate what happen to form.validate()? Much appreciated.

from sanic-mdl-blog.

It may be related to the request object, the reasoning is here : pyx/sanic-wtf#6 , in short, we have to somehow keep a copy of current request object, because Sanic is sharing threads among many routes (view functions), a thread-local request object does not work in this case, so I decided to have the whole request being passed in in form construction.

Please let me know if you have a better idea. Thanks.

from sanic-mdl-blog.

I think I know what you mean, in 1148a0f
you removed the {{ form.hidden_tag }} call, but forgot to render the csrf token with {{ form.csrf_token }}

For CSRF protection to work, a hard-to-guess randomly-generated unique token is used with each request, the client should submit the token with other payloads to prove that the request is genuine.
The csrf token submission usually involve hidden field for normal HTML form submission, or special http header when using Restful API, in either way, the csrf token should be known by the client, that's why we need to rendered the hidden tag in the form ({{ form.csrf_token }}) to begin with.

You can learn more about CSRF here and here

from sanic-mdl-blog.

FYI, I just release 0.5.0 with file uploading support. Anything before that does not work well with file upload, unless you pass in the request.files explicitly.

from sanic-mdl-blog.

awesome, thanks. Going to be useful when i have to add uploading pictures. adding csrf now.

from sanic-mdl-blog.

crsf works properly, was my fault for not reading all of the docs. thanks.

from sanic-mdl-blog.