wip to select GET or POST for actions #168
Conversation
| # HACK to allow POST requests too | ||
| post = get |
| <a href="{% add_preserved_filters action_url %}" | ||
| title="{{ tool.standard_attrs.title }}" | ||
| {% for k, v in tool.custom_attrs.items %} | ||
| {{ k }}="{{ v }}" |
There was a problem hiding this comment.
need to look into if we need to make sure the html is safe (will be one of the things I experiment with)
| {{ k }}="{{ v }}" | |
| {{ k }}="{{ v|escape }}" |
https://docs.djangoproject.com/el/4.2/ref/templates/builtins/#escape
There was a problem hiding this comment.
version before had this line without escape, here: https://github.com/crccheck/django-object-actions/pull/168/files#diff-7b01c579f97b840216ab2dc0fb68a59712317af56efac2504ed9edcf021480baL10
| {% elif tool.button_type == 'form' %} | ||
| <form method="post" action="{% add_preserved_filters action_url %}"> | ||
| {% csrf_token %} | ||
| <a href="#" onclick="this.parentNode.submit(); return false;" |
There was a problem hiding this comment.
I really doubt Django has styling for anything other than the <a> but it would be nice to use <button> or <input type=submit> and not need the JavaScript.
crccheck
changed the title
|
I'll merge this as a broken commit so you get attribution, but I'll work on the next commit to fix CI. I'd like to remove |
|
@crccheck thanks a lot! |
Followup to #168 to get CI to pass again, documents how to make a POST only action, and adds some test coverage. There are still a few cleanup issues but this should get things moving on POST only actions again.
Another try at enforcing POST actions. This change is more gradual than #149 - when library user doesn't change default options the behavior is exactly the same as before the change, that is:
However, user can change this behavior using
methodsandbutton_typekwargs. For example@action(methods=['POST'], button_type='form')results inUnfortunately I have this tested only within my project. Also the docs are missing.
And one more thing - I think it is better to use
<input type="submit">instead of js to submit the form. This js is need to make the buttons look the same in both versions. With proper CSS (that is beyond my ability to write ;) ) js is avoidable and we could be using pretty semantic html submit button. I took the form button template from #149.