Can someone confirm my reasoning... or correct it if it's wrong? Thanks, Tom.
On Monday, May 10, 2021 at 3:22:24 PM UTC+2 Tom Clerckx wrote: > I was running into some issue with SQLFORM.grid and after going through > the code, I realized that the grid does not include request.vars when > calculating the URL signature (ref: v2.21.1, gluon/sqlhtml.py @ 2440). > > Please correct me if I would be wrong,... else it may be useful to add > something about this behavior in the web2py documentation: > > > SQLFORM.grid validates the signature without taking into account > request.vars > > As such, any constructed URL that contains a user_signature and that is > pointing to the page that uses the controller function which creates this > grid, should have this signature created without including request.vars! > > Thus, hash_vars should be set to False in that case. If not, you may get a > ‘not authorized’ flash message and you will be redirected. > > E.g. a signed URL pointing to such page should look like: > > URL(‘mypage_with_grid’, args=[‘a’, ‘b’, ‘c’], vars={‘var1’:’val1’}, > *user_signature=True,* *hash_vars=False*) > > > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/b83b2d77-6f11-47ba-a382-5c7b07f3047en%40googlegroups.com.