Posted to dev@bloodhound.apache.org by Dammina Sahabandu <dm...@gmail.com> on 2014/06/13 10:09:44 UTC

Clarification on __FORM_TOKEN

Hi All,
I'm trying to implement a feature which will provide the functionality to
users to create multiple tickets at once. As the QuickCreateTicketDialog
component is somewhat similar, I'm trying to extend its functionality to
post the parameters to the backend DB. The thing is, while I'm trying to
submit the input form it gives me the error saying: "Error: Bad Request Missing
or invalid form token. Do you have cookies enabled?"
I have used the same value for the input __FORM_TOKEN which has been used
for the Quick Create Ticket component. I have also tried removing that
input from the form. Then it resulted in not hitting the match_request
method.
It will be really great if you can help me on this matter.

PS: As I know, some other projects will also benefit if this issue can
be solved.

Thanks
Dammina
-- 
Dammina Sahabandu.
Undergraduate Department of Computer Science and Engineering
University of Moratuwa
Sri Lanka.

Re: Clarification on __FORM_TOKEN

Posted by Gary Martin <ga...@wandisco.com>.
I would imagine it is at least similar to the value in req.path_info which
gives the path on the server. I suppose where you attempt to change the
value might make a difference to the safety of changing it but I am not
sure that there is a particular need to change it. What is it that you need
to do?

I'm toying with the idea of asking you to separate out your code into a
plugin as some of the changes are directly in existing templates. There are
pros and cons of this. One advantage is that the code you have is easier
to show as a complete unit that is separable from the main. A disadvantage
is that you have to work out how to get the changes you wanted to make to
the existing templates into them.

Cheers,
    Gary


On 14 June 2014 10:30, Dammina Sahabandu <dm...@gmail.com> wrote:

> Hi Gary,
> Thanks for the help. I fixed the issue. As you mentioned it automatically
> adds the token. So when I put a hard coded string as the token, it becomes
> a list of two which results in error. However, now the issue is fixed and
> the post request works fine.
> Anyway now I got another problem. The environ (the WSGI environment
> dictionary) contains a key called PATH_INFO. What is the meaning of that
> value and is it okay to change it?
>
> Thanks
> Dammina

Re: Clarification on __FORM_TOKEN

Posted by Dammina Sahabandu <dm...@gmail.com>.
Hi Gary,
Thanks for the help. I fixed the issue. As you mentioned it automatically
adds the token. So when I put a hard coded string as the token, it becomes
a list of two which results in error. However, now the issue is fixed and
the post request works fine.
Anyway now I got another problem. The environ (the WSGI environment
dictionary) contains a key called PATH_INFO. What is the meaning of that
value and is it okay to change it?

Thanks
Dammina


On Sat, Jun 14, 2014 at 2:31 PM, Gary Martin <ga...@wandisco.com>
wrote:

> I'm afraid that, assuming I understood your problem, this fixed the
> described issue for me. Did you make sure that you completely refreshed the
> page when you attempted to resubmit the form after the change?
>
> As I understand it, there is some code in trac/trac/web/chrome.py that
> looks for forms with the post method and automatically adds the token.
> Again, I don't have time to check for myself but you might find you get a
> different token when a relevant cookie is removed. When I mentioned that I
> got a list of two items, one of the tokens was different to the one you
> hard coded.
>
> Cheers,
>     Gary



-- 
Dammina Sahabandu.
Committer for ASF (Apache Bloodhound)
Undergraduate Department of Computer Science and Engineering
University of Moratuwa
Sri Lanka.
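
The failure resolved in the message above, as an added example that is not part of the original thread and is not Trac or Bloodhound code: a simplified model of a per-session form token check, assuming the framework appends the hidden `__FORM_TOKEN` field to every POST form and compares the submitted value with the session's token. The function names, the `field_summary` field and the token values are constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode

FIELD = "__FORM_TOKEN"


def parse_form(body):
    """Parse a urlencoded POST body. A name sent once maps to a string,
    a name sent more than once maps to a list (the shape seen in the thread)."""
    args = {}
    for name, values in parse_qs(body, keep_blank_values=True).items():
        args[name] = values[0] if len(values) == 1 else values
    return args


def inject_token(fields, session_token):
    """Model of the framework step: append the hidden token field to a POST form."""
    return list(fields) + [(FIELD, session_token)]


def check_form_token(args, session_token):
    """Return (accepted, reason). Only one exact token value is accepted."""
    submitted = args.get(FIELD)
    if submitted is None:
        return False, "missing"
    if isinstance(submitted, list):
        # Two hidden inputs with the same name: never pick one and carry on.
        return False, "duplicate"
    if not hmac.compare_digest(submitted.encode(), session_token.encode()):
        return False, "mismatch"
    return True, "ok"


def run_cases(session_token=None):
    """Submit four constructed forms and report how the check treats each."""
    session_token = session_token or secrets.token_hex(12)
    hard_coded = "0" * 24  # constructed value copied into a template by hand
    ticket = [("field_summary", "first ticket")]  # constructed form field
    forms = {
        # Template leaves the token to the framework.
        "injected_only": inject_token(ticket, session_token),
        # Template hard-codes a token and the framework adds its own.
        "hard_coded_plus_injected": inject_token(
            ticket + [(FIELD, hard_coded)], session_token),
        # Only the hand-copied value reaches the server.
        "hard_coded_only": ticket + [(FIELD, hard_coded)],
        # No token field at all.
        "field_removed": ticket,
    }
    return {name: check_form_token(parse_form(urlencode(fields)), session_token)
            for name, fields in forms.items()}


if __name__ == "__main__":
    for name, outcome in run_cases().items():
        print(name, outcome)
```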

Re: Clarification on __FORM_TOKEN

Posted by Gary Martin <ga...@wandisco.com>.
I'm afraid that, assuming I understood your problem, this fixed the
described issue for me. Did you make sure that you completely refreshed the
page when you attempted to resubmit the form after the change?

As I understand it, there is some code in trac/trac/web/chrome.py that
looks for forms with the post method and automatically adds the token.
Again, I don't have time to check for myself but you might find you get a
different token when a relevant cookie is removed. When I mentioned that I
got a list of two items, one of the tokens was different to the one you
hard coded.

Cheers,
    Gary


On 14 June 2014 04:44, Dammina Sahabandu <dm...@gmail.com> wrote:

> Hi,
> I did try what Gary has suggested. But it seems like those changes don't
> affect the issue. The thing with the __FORM_TOKEN is when I inspect the
> quick ticket form it always displays as a single string (always the same
> string). Anyway I'll do some more debugging. However if you come up with a
> better solution please let me know :)
>
> Thanks,
> Dammina

Re: Clarification on __FORM_TOKEN

Posted by Dammina Sahabandu <dm...@gmail.com>.
Hi,
I did try what Gary has suggested. But it seems like those changes don't
affect the issue. The thing with the __FORM_TOKEN is when I inspect the
quick ticket form it always displays as a single string (always the same
string). Anyway I'll do some more debugging. However if you come up with a
better solution please let me know :)

Thanks,
Dammina


On Sat, Jun 14, 2014 at 3:03 AM, Gary Martin <ga...@wandisco.com>
wrote:

> Dammina,
>
> Have you tried just not including the DIV element with the form token? Just
> having a quick look at other templates, I am not sure there is another page
> that includes this as part of the template and checking with a debugger at
> around line 203 of trac/web/main.py I see that req.args.get('__FORM_TOKEN')
> is returning a list of two items instead of a single string.
>
> Hope this helps!
>
> Cheers,
>     Gary



-- 
Dammina Sahabandu.
Committer for ASF (Apache Bloodhound)
Undergraduate Department of Computer Science and Engineering
University of Moratuwa
Sri Lanka.

Re: Clarification on __FORM_TOKEN

Posted by Gary Martin <ga...@wandisco.com>.
Dammina,

Have you tried just not including the DIV element with the form token? Just
having a quick look at other templates, I am not sure there is another page
that includes this as part of the template and checking with a debugger at
around line 203 of trac/web/main.py I see that req.args.get('__FORM_TOKEN')
is returning a list of two items instead of a single string.

Hope this helps!

Cheers,
    Gary


On 13 June 2014 21:10, Gary Martin <ga...@wandisco.com> wrote:

> It seems that in my haste earlier I only sent this to Dammina. I also
> noted that the form shared an id with the quick ticket form on the page in
> question but I don't yet know if this has anything to do with the behaviour
> described. I'll have a look shortly but if anyone has some better advice,
> that would be great!
>
> Cheers,
>     Gary

Re: Clarification on __FORM_TOKEN

Posted by Gary Martin <ga...@wandisco.com>.
It seems that in my haste earlier I only sent this to Dammina. I also noted
that the form shared an id with the quick ticket form on the page in
question but I don't yet know if this has anything to do with the behaviour
described. I'll have a look shortly but if anyone has some better advice,
that would be great!

Cheers,
    Gary


On 13 June 2014 11:14, Gary Martin <ga...@wandisco.com> wrote:

> Hi Dammina,
>
> I won't be able to look at this until this evening so I hope that someone
> else will be able to help out with this. In the meantime, if other forms
> do not also display this problem, I would probably put some debug points in
> the Python code that processes the views to see if I could spot any
> obviously significant differences. Without checking, I am assuming that the
> form token should be part of the data received.
>
> Anyway, as I said, I'll have a proper look later.
>
> Cheers,
>     Gary