From coreybrett at gmail.com Wed Jan 22 10:34:28 2020 From: coreybrett at gmail.com (Corey Boyle) Date: Wed, 22 Jan 2020 10:34:28 -0500 Subject: [Flask] flask and jquery/ajax Message-ID: I have a button on a webpage that I would like to trigger a function on the server. Example that works... JS Python3 @ajax.route('/focus_customer', methods=GP) def focus_customer(): cpk = request.args.get('cpk', 0, type=int) if cpk: customer = m.Customer.query.get_or_404(cpk) yadayadayada db.session.add(customer) db.session.commit() return jsonify(result='ok') However, I know I shouldn't be using GET to make changes in my database, so I am trying to convert the above into a POST request. I've tried... JS Python3 @ajax.route('/focus_customer', methods=GP) def focus_customer(): print(request.data) print(request.json) return jsonify(result='ok') But, I get a 400 bad request message. If I comment out the "print(request.json)" line, I get "b'1=1'" on the terminal. What am I missing here? From gergely at polonkai.eu Wed Jan 22 12:36:26 2020 From: gergely at polonkai.eu (Gergely Polonkai) Date: Wed, 22 Jan 2020 18:36:26 +0100 Subject: [Flask] flask and jquery/ajax In-Reply-To: References: Message-ID: I suspect some CSRF protection mechanism. Do you use such a library? Like Flask-WTF-s CSRF extension? Best, Gergely On Wed, 22 Jan 2020, 16:35 Corey Boyle, wrote: > I have a button on a webpage that I would like to trigger a function > on the server. > > Example that works... > > JS > > > > Python3 > > @ajax.route('/focus_customer', methods=GP) > def focus_customer(): > cpk = request.args.get('cpk', 0, type=int) > if cpk: > customer = m.Customer.query.get_or_404(cpk) > yadayadayada > db.session.add(customer) > db.session.commit() > > return jsonify(result='ok') > > However, I know I shouldn't be using GET to make changes in my > database, so I am trying to convert the above into a POST request. > > I've tried... > > JS > > > > Python3 > > @ajax.route('/focus_customer', methods=GP) > def focus_customer(): > print(request.data) > print(request.json) > return jsonify(result='ok') > > But, I get a 400 bad request message. > If I comment out the "print(request.json)" line, I get "b'1=1'" on the > terminal. > > What am I missing here? > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > -------------- next part -------------- An HTML attachment was scrubbed... URL: From sidwoodstock at gmail.com Wed Jan 22 15:48:10 2020 From: sidwoodstock at gmail.com (Scott Woodstock) Date: Wed, 22 Jan 2020 12:48:10 -0800 Subject: [Flask] flask and jquery/ajax In-Reply-To: References: Message-ID: I ran into something similar a couple months ago. If you're facing the same thing, it's because your server is expecting a CSRF token. Simply attaching the token via $.ajaxSetup is what I used first but then found that tokens expire so if I had the page open too long it'd start returning 400 bad request again. Ultimately I added a heartbeat with a flask endpoint to refresh it. var csrf_token = '{{ csrf_token() }}'; // refresh the csrf token every 30 minutes var heartbeat = setInterval(function () { $.ajax({ url: '{{ url_for('csrf_refresh') }}', type: 'GET', headers:{ // attach csrf token 'X-CSRFToken': csrf_token }, success: function (response) { csrf_token = response; }, error: function (jqXHR, textStatus, errorThrown) { console.log(jqXHR, textStatus, errorThrown); alert('Connection with server lost! Please refresh the page.') }, dataType: "json", contentType: "application/json" }); }, 30 * 60 * 1000); // apply the csrf token before each request $.ajaxSetup({ beforeSend: function(xhr, settings) { if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) { xhr.setRequestHeader("X-CSRFToken", csrf_token); // insert custom header } }, }); and then the flask route to get a new CSRF token: @app.route('/tools/_refresh_csrf/', methods=['GET']) @roles_accepted('admin', 'copy', 'client') def csrf_refresh(): try: validate_csrf(request.headers.get('X-CSRFToken')) new_token = generate_csrf() return jsonify(new_token) except ValidationError: abort(400) On Wed, Jan 22, 2020 at 9:03 AM wrote: > Send Flask mailing list submissions to > flask at python.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://mail.python.org/mailman/listinfo/flask > or, via email, send a message with subject or body 'help' to > flask-request at python.org > > You can reach the person managing the list at > flask-owner at python.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Flask digest..." > > > Today's Topics: > > 1. flask and jquery/ajax (Corey Boyle) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 22 Jan 2020 10:34:28 -0500 > From: Corey Boyle > To: flask > Subject: [Flask] flask and jquery/ajax > Message-ID: > hYpFpPV7dH8WVD0wtYpMd4g at mail.gmail.com> > Content-Type: text/plain; charset="UTF-8" > > I have a button on a webpage that I would like to trigger a function > on the server. > > Example that works... > > JS > > > > Python3 > > @ajax.route('/focus_customer', methods=GP) > def focus_customer(): > cpk = request.args.get('cpk', 0, type=int) > if cpk: > customer = m.Customer.query.get_or_404(cpk) > yadayadayada > db.session.add(customer) > db.session.commit() > > return jsonify(result='ok') > > However, I know I shouldn't be using GET to make changes in my > database, so I am trying to convert the above into a POST request. > > I've tried... > > JS > > > > Python3 > > @ajax.route('/focus_customer', methods=GP) > def focus_customer(): > print(request.data) > print(request.json) > return jsonify(result='ok') > > But, I get a 400 bad request message. > If I comment out the "print(request.json)" line, I get "b'1=1'" on the > terminal. > > What am I missing here? > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > > > ------------------------------ > > End of Flask Digest, Vol 55, Issue 1 > ************************************ > -------------- next part -------------- An HTML attachment was scrubbed... URL: From philippe at strauss-engineering.ch Fri Jan 24 05:48:38 2020 From: philippe at strauss-engineering.ch (Philippe Strauss) Date: Fri, 24 Jan 2020 11:48:38 +0100 Subject: [Flask] multiple files upload Message-ID: <5D883813-9B56-42B5-B026-0BE046377AB5@strauss-engineering.ch> Hello Flask users, I?m new to flask but love its architecture, I would like to upload multiple files at once like described on this webpage: https://www.w3schools.com/TAGS/att_input_multiple.asp How do I do that within the flask ecosystem, reading Flask-Uploads and Flask-WTF doc leads me nowhere! Thank you! regards -- Philippe Strauss https://www.strauss-engineering.ch From coreybrett at gmail.com Fri Jan 24 07:23:16 2020 From: coreybrett at gmail.com (Corey Boyle) Date: Fri, 24 Jan 2020 07:23:16 -0500 Subject: [Flask] multiple files upload In-Reply-To: <5D883813-9B56-42B5-B026-0BE046377AB5@strauss-engineering.ch> References: <5D883813-9B56-42B5-B026-0BE046377AB5@strauss-engineering.ch> Message-ID: https://stackoverflow.com/questions/11817182/uploading-multiple-files-with-flask On Fri, Jan 24, 2020 at 5:55 AM Philippe Strauss wrote: > > Hello Flask users, > > I?m new to flask but love its architecture, I would like to upload multiple files at once like described on this webpage: > > https://www.w3schools.com/TAGS/att_input_multiple.asp > > How do I do that within the flask ecosystem, reading Flask-Uploads and Flask-WTF doc leads me nowhere! > > Thank you! > > > > > regards > > -- > Philippe Strauss > https://www.strauss-engineering.ch > > > > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask From onlinejudge95 at gmail.com Tue Jan 28 08:26:16 2020 From: onlinejudge95 at gmail.com (onlinejudge95) Date: Tue, 28 Jan 2020 18:56:16 +0530 Subject: [Flask] flask and jquery/ajax In-Reply-To: References: Message-ID: The reason you are receiving this is because the data you are sending as json is not valid json. I tried using your code on https://jsonlint.com/ I receive a pare error. Can you try it with data as > > {'1': 1} On Wed, Jan 22, 2020 at 11:07 PM Gergely Polonkai wrote: > I suspect some CSRF protection mechanism. Do you use such a library? Like > Flask-WTF-s CSRF extension? > > Best, > Gergely > > On Wed, 22 Jan 2020, 16:35 Corey Boyle, wrote: > >> I have a button on a webpage that I would like to trigger a function >> on the server. >> >> Example that works... >> >> JS >> >> >> >> Python3 >> >> @ajax.route('/focus_customer', methods=GP) >> def focus_customer(): >> cpk = request.args.get('cpk', 0, type=int) >> if cpk: >> customer = m.Customer.query.get_or_404(cpk) >> yadayadayada >> db.session.add(customer) >> db.session.commit() >> >> return jsonify(result='ok') >> >> However, I know I shouldn't be using GET to make changes in my >> database, so I am trying to convert the above into a POST request. >> >> I've tried... >> >> JS >> >> >> >> Python3 >> >> @ajax.route('/focus_customer', methods=GP) >> def focus_customer(): >> print(request.data) >> print(request.json) >> return jsonify(result='ok') >> >> But, I get a 400 bad request message. >> If I comment out the "print(request.json)" line, I get "b'1=1'" on the >> terminal. >> >> What am I missing here? >> _______________________________________________ >> Flask mailing list >> Flask at python.org >> https://mail.python.org/mailman/listinfo/flask >> > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > -------------- next part -------------- An HTML attachment was scrubbed... URL: