On Mon, May 18, 2009 at 11:47:34AM -0700, Jan Koprowski wrote:
> After i upgrade few Pylons packages elements related with Pylons i
> get "403 CSRF" error in function tests in my app. After look to form i
> saw that when I use some default values to fill form and use
> secure_form too _authentication_token is empty.
>
> ------------ controller -----------------
>
> def index(self):
> form = render('/information/index.mako')
...
> return formencode.htmlfill.render(
> form,
> defaults = info
> )
Try passing force_defaults=True to htmlfill.render().
> ------------ controller -----------------
>
> ------------ template -----------------
> ${h.secure_form(h.url_for('/information/update'), method='post')}
> ${h.end_form()}
> ------------ template -----------------
>
> ------------ site source -----------------
> <form action="/information/update" method="post">
> <div style="display: none;"><input name="_authentication_token"
> type="hidden" value="" /></div>
> ------------ site source -----------------
>
> Is this a bug or it is normally and i should just do worakround and
> get some random "string" in controller for info._authentication_token
> by my own and do all this strange stuff for "@authenticate_form" ?
htmlfill is quirky and I've never used secure_form, so I don't know
where the blame falls.
Marius Gedminas
--
"I may not understand what I'm installing, but that's not my job. I
just need to click Next, Next, Finish here so I can walk to the next
system and repeat the process"
-- Anonymous NT Admin
signature.asc
Description: Digital signature
