I guess the point here is why are you using requires_signature? Normally you do to make sure that only the intended party can access the intended controller function. In your case it is an autocomplete function. That means 1) you do not what the vars is, 2) it is not dangerous since it does not change the state, 3) as you say you do not pass any other vars therefore every user accesses the same set of possible autocomplete values.
Then you should not use @auth.requires_signature. You should use @auth.requires_login() instead, simply to prevent DoS attacks. That said you can can do URL(..., user_signature=True, hash_vars = False) along with @auth.requires_signature(hash_vars=False) so you hash the signature but not vars which would be added later by the autocomplete JS. hash_vars can also be a list of variable names to be hashed. On Monday, 22 June 2015 09:25:07 UTC-5, Scott Hunter wrote: > > I don't see how to use this information to solve the problem. Does any > URL that points to this page need to specify what vars go into the > signature, and what vars should be listed? Since the autocomplete only > includes its own special var, and nothing else does, it seems that I'd need > to exclude all vars. > > This doesn't seem like that outlandish a situation; is there documentation > about how to handle it? > > - Scott > > On Monday, June 22, 2015 at 2:48:56 AM UTC-4, Massimo Di Pierro wrote: >> >> Looks at the options of URL and requires_signature. You can specify which >> vars should be included in the signature. You cannot sign the autocomplete >> field because that is generated by JS after web2py has already computed the >> signature. >> >> On Friday, 19 June 2015 15:31:58 UTC-5, Scott Hunter wrote: >>> >>> Autocomplete widgets do not appear to work within controller functions >>> that require a digital signature (at least not for me). >>> >>> Is this a bug, a feature, or a mistake on my part? >>> >>> - Scott >>> >> -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
