我正在構建一個 Flask 應用程式,并嘗試使用requests庫在終端中發送 post 請求,但它給出了 400 錯誤,但我不知道該請求有什么格式錯誤。
這是我試圖在瀏覽器中訪問的注冊頁面:
以及提交后的后續結果:
但是,當我嘗試重新創建此發布請求并在命令列中使用相同的資訊時,我得到一個400狀態代碼。
這是我用來生成它的底層代碼:
形式:
class SignupForm(FlaskForm):
"""Main form for sign up page"""
email = EmailField(label = 'email', validators = [DataRequired(), Email()])
password = PasswordField(label = 'password',
validators = [DataRequired(), Length(min=9, max=20),
check_valid_password])
sec_question = SelectField(label = 'Security Question',
validators = [DataRequired()],
choices = ['What is your favorite band?',
'What is your favorite pets name?',
'What was the last name of your favorite childhoold teacher?',
'In what city were you born?',
'What is your best friends last name?',
'What is the country you would most like to visit?'])
sec_answer = TextField(label='your answer. not case sensitive', validators=[DataRequired(), Length(4, 200)])
這是處理傳入請求的燒瓶代碼:
@user.route('/signup', methods=['GET', 'POST'])
def signup():
form = SignupForm()
if form.validate_on_submit():
user_exists = User.query.filter_by(email = request.form.get('email')).first()
if user_exists:
flash('User already exists with that e-mail. Please login instead', 'warning')
return redirect(url_for('user.signup', form = form))
user = User()
form.populate_obj(user)
user.password = User.encrypt_password(request.form.get('password'))
user.save()
# send confirmation e-mail using celery
from app.blueprints.main.tasks import send_email
token = generate_new_account_token(form.email.data)
send_email.delay(
subject = 'Welcome to CPM! Please confirm your account',
recipients = [form.email.data],
template = 'email/user_new_confirm.html',
confirm_url = url_for('user.confirm_new', token = token, _external=True)
)
flash(f'A confirmation e-mail has been sent to {form.email.data}', 'info')
redirect(url_for('user.signup', form=form))
return render_template('blueprints/user/signup.html', form=form)
我一生似乎都無法在發布請求中使用它。它localhost:5000在我的電腦上運行。
這里有兩個例子可以說明這個問題。我的成功GET請求:
我不成功的POST請求:
data = {'email': '[email protected]', 'password': 'Passw0rd!', 'sec_question': 'What is your favorite band?', 'sec_answer': 'paul simon'}
requests.post('http://localhost:5000/signup', data = data)
uj5u.com熱心網友回復:
作為一種安全措施,表單需要一個 CSRF 令牌與 POST 請求一起發送,以防止 CSRF(跨站點請求偽造,有時縮寫為 XSRF)攻擊。瀏覽器會為您處理,但在 cURL 中,您必須手動檢索和使用 CSRF 令牌(這通常會讓人頭疼)。
出于開發目的,您可以暫時禁用 CSRF 保護。這是有關如何使用 Flask 執行此操作的說明。
本質上,只需將@csrf.exempt裝飾器添加到您的signup方法中:
from flask_wtf import csrf
@user.route('/signup', methods=['GET', 'POST'])
@csrf.exempt
def signup():
# The rest of the method
或者,您可以通過設定WTF_CSRF_CHECK_DEFAULT為來快速輕松地為所有視圖禁用 CSRF False。
警告:切勿在禁用 CSRF 保護的情況下將表單視圖推送到生產環境。
轉載請註明出處,本文鏈接:https://www.uj5u.com/yidong/316766.html