hi alastairp, have you ever worked with a FieldList of FormFields in WTForms?
2019-08-01 21344, 2019
alastairp
no, I've not. do you have a specific thing you're trying to do? what's the code that's not working?
2019-08-01 21326, 2019
Mr_Monkey
akhilesh: Good job on the tests you added last. I feel better knowing the structure of the resources is monitored, in case something changes somewhere.
2019-08-01 21326, 2019
Mr_Monkey
I took the liberty to move around them to a separate test each, to make it easier to pinpoint if something goes wrong.
2019-08-01 21313, 2019
aidanlw17
alastairp: it’s the form that I’m using for the eval in the most recent PR. Since we have multiple recordings to be evaluated, each with the same form properties (rating/feedback and a suggestion), I created a form to hold those properties, then made a form whose only property is a list of the form for a single recording. Wtf forms documents field list and form field https://wtforms.readthedocs.io/en/stable/fields.h…
2019-08-01 21338, 2019
aidanlw17
The form works fine, my problem with it is with csrf tokens
2019-08-01 21324, 2019
aidanlw17
Even when I include the `{{ form.hidden_tag }}` in the form, I get an error where the form can’t validate, missing csrf token.
2019-08-01 21354, 2019
aidanlw17
I get 10 of these errors - one for each of the form fields in the list
2019-08-01 21355, 2019
aidanlw17
But I expected that if the form holding the field list had a csrf token, then it should validate?
2019-08-01 21302, 2019
aidanlw17
Originally I fixed the problem with this by adding a hidden tag for each form within the field list as well, during the loop through the recordings in the template
2019-08-01 21326, 2019
aidanlw17
But then I switched to use Ajax for the request, and the problem came back
2019-08-01 21325, 2019
alastairp
in flaskwtf you have to add the csrf yourself
2019-08-01 21357, 2019
nav2002_ has quit
2019-08-01 21348, 2019
alastairp
huh, I didn't know about hidden_tag, I've always used {{ form.csrf_token }} directly
2019-08-01 21314, 2019
alastairp
one thing that I'm not sure about, the example on the wtf site says "{{ form.hidden_tag() }}", with (), which might cause differences
2019-08-01 21330, 2019
alastairp
did you check the generated html to ensure that the form looked correct?
2019-08-01 21328, 2019
aidanlw17
Yeah I wasn’t sure which to use - I’ve tried hidden_tag(), csrf_token, all of them. If I add a tag for a token for each recording form, they’re all visible in the HTML - 11 csrf tokens.
2019-08-01 21323, 2019
aidanlw17
And when I added one for each recording form in the field list it worked. But then when I made the request through Ajax instead, and had to add the csrf token as a header, then I got the error about them missing again
2019-08-01 21301, 2019
alastairp
so the main issue is that you have a wtform which isn't validating in some cases?
2019-08-01 21345, 2019
alastairp
have you tried to simplify what you have? e.g. can you successfully submit a form with just a single recording?
2019-08-01 21351, 2019
alastairp
or if you have a FieldList, can you do a list of a basic field type, not a FormField?
2019-08-01 21314, 2019
alastairp
as I said, I've not done a lot of this before, so I can't make a clear suggestion about what to do
2019-08-01 21302, 2019
aidanlw17
Yeah that’s the main problem. I have gotten more basic forms working, but I’ll look over them again and try to make sure they work with ajax.
2019-08-01 21336, 2019
aidanlw17
I understand! I’ll also look around online some more.
2019-08-01 21351, 2019
alastairp
I don't think we use Forms to valid ajax requests in other places
2019-08-01 21303, 2019
alastairp
it might be just as OK to generate a json document and ajax it to an endpoint
2019-08-01 21324, 2019
alastairp
however, in that case, it might be worth integrating with React, like the dataset editor does
2019-08-01 21331, 2019
aidanlw17
Ok, got it. I’ll look into that too and maybe can integrate it with react!
2019-08-01 21344, 2019
alastairp
unless really important, I'd suggest staying away from ajax until you get everything working
2019-08-01 21312, 2019
alastairp
because it'd become very easy to get stuck in making it look nice without moving on to next stuff
2019-08-01 21300, 2019
aidanlw17
For sure, makes sense. I got the form working yesterday so then I tried to add it, but sadly that broke it lol
2019-08-01 21303, 2019
aidanlw17
I was reading https://flask-wtf.readthedocs.io/en/stable/csrf.h… and flask-wtf says they recommend using csrf protection for every endpoint. I was wondering, why don’t we use global protection for the whole app like they show at the top of that linked page?
2019-08-01 21344, 2019
alastairp
what do we use instead? do we annotate methods to say to protect it?
2019-08-01 21302, 2019
alastairp
consider that this will protect all POST methods
2019-08-01 21316, 2019
alastairp
which also includes things like the API endpoints to submit lowlevel files
2019-08-01 21339, 2019
alastairp
but we can't protect this, because there's no way for a client to get a token for doing the submission
2019-08-01 21307, 2019
aidanlw17
Oh okay, the client would need a secret key to access those API endpoints?
2019-08-01 21341, 2019
alastairp
yeah
2019-08-01 21317, 2019
djwhitey joined the channel
2019-08-01 21305, 2019
aidanlw17
Ok thanks!
2019-08-01 21322, 2019
nav2002_ joined the channel
2019-08-01 21346, 2019
nav2002_ has quit
2019-08-01 21315, 2019
alastairp
iliekcomputers: hi, any progress on the dump?
2019-08-01 21354, 2019
nav2002_ joined the channel
2019-08-01 21349, 2019
Cyna
bitmap: removing conda worked :)
2019-08-01 21306, 2019
Cyna
I'm getting better logs when running locally as well as better performance
Is it going through direct search for them because I don't have a local search server for some reason? I thought all searches would go through the mb search server
2019-08-01 21359, 2019
reosarevok
(I'm on the beta branch locally, no other changes)
2019-08-01 21346, 2019
modwizcode has quit
2019-08-01 21300, 2019
modwizcode joined the channel
2019-08-01 21342, 2019
nav2002_ has quit
2019-08-01 21311, 2019
yvanzo
reosarevok: I guess your local MB server is querying old search server.