I have a problem with Django caching for the login area using Safari.
When I use memcache and have 'django.middleware.cache.FetchFromCacheMiddleware' on, the login part of the page is always cached, showing "Welcome username" even after I press Logout.
It should change back to the "login/sign up" link after logout is clicked. This seems to happen only in Safari. Is there any way to not cache a part of the HTML page? I used @never_cache when it comes to view functions, but this login information is part of the base.html which gets extended throughout other site template htmls.
Thank you.
Code
In base.html
{% if user.is_authenticated %}
<div class="login">
<a id="login_dropdown_link" title="Login_nav">Welcome {{ user.username }} ( <span id="total_count"> {% total_count %}</span> )</a>
</div>
{% else %}
<div class="login">
<span class="spaced">Log In | Sign Up</span>
</div>
{% endif %}
This is most likely due to a header issue where Safari is being instructed to cache the page for a certain amount of time.
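One way to check for the header problem described in the answer above, as an added example that is not part of the original post: the function below audits the response headers of a page that embeds per-user content such as "Welcome username". The function names and both sample header sets are constructed for illustration.

```python
def parse_cache_control(value):
    """Parse a Cache-Control header into {directive: argument-or-True}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or True
    return directives


def audit_personalized_response(headers):
    """Return findings for a response whose body depends on the logged-in user."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    vary = {v.strip().lower() for v in h.get("vary", "").split(",") if v.strip()}
    findings = []
    if "no-store" in cc:
        return findings  # never written to any cache, nothing else to check
    max_age = cc.get("max-age")
    fresh = isinstance(max_age, str) and max_age.isdigit() and int(max_age) > 0
    if fresh and "no-cache" not in cc:
        findings.append(f"browser may reuse the page for {max_age}s without revalidating")
    elif "expires" in h and "max-age" not in cc and "no-cache" not in cc:
        findings.append("Expires header allows reuse without revalidating")
    if "private" not in cc:
        findings.append("not marked private: shared caches may store it")
    if "cookie" not in vary and "*" not in vary:
        findings.append("Vary lacks Cookie: cache key ignores the session")
    return findings


# Constructed sample: a page cached for ten minutes regardless of who is logged in.
SAMPLE_CACHED = {"Cache-Control": "max-age=600",
                 "Expires": "Thu, 01 Jan 2026 00:10:00 GMT",
                 "Vary": "Accept-Language"}
# Constructed sample: headers that forbid storing the page at all.
SAMPLE_NO_STORE = {"Cache-Control": "max-age=0, no-cache, no-store, must-revalidate, private"}

if __name__ == "__main__":
    for name, sample in (("cached", SAMPLE_CACHED), ("no-store", SAMPLE_NO_STORE)):
        print(name, audit_personalized_response(sample))
```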
I have this piece of code of a flask template
<div class="rows">
<h3>In oven</h3>
{% for checkbox in checkboxes: %}
<li><input type="checkbox"></li>
{% endfor %}
</div>
I tried using JavaScript, but after a refresh the checkboxes reset even if I checked them before. I want to check one and have the check stay after refreshing the page. Any ideas how to do it?
You need to store the value of the checkbox somewhere to set it when loading the page again.
Local storage
Flask session
Database
Ajax query
With a form
This value has to be something that can be evaluated as true/false.
After retrieving the value, you need to evaluate it to decide whether or not to add the checked property to the input.
In this example, I'm using a variable on the view.
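# app.py
from flask import Flask, render_template

app = Flask(__name__)

@app.route("/")
def sample():
    your_variable = True  # evaluated in the template to decide on "checked"
    return render_template('index.html', your_variable=your_variable)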
#index.html
<div class="rows">
<h3>In oven</h3>
{% for checkbox in checkboxes: %}
<li><input type="checkbox" {{'checked="checked"' if your_variable else ""}}></li>
{% endfor %}
</div>
Of course, with a more complete question this can be more specific.
Hello, Everybody.
I was wondering about... What happens when a csrf_token is submitted by the server-side application to the browser in an HTML form, and that form was not submitted with the post by the browser?
Because I was thinking... Django makes the csrf_token and relates it to the user or to the session, I am not sure, to check it when it comes back. And then I think it deletes it, right? So what if it wasn't back?
Will it stay there waiting until the session ends, or is it a mistake that causes a vulnerability, or what?
For example, I want to make a form for comments under the details of the object. But commenting is not mandatory. You can comment if you need to, and you can choose not to. So I put a form like this under those details:
<div class="container">
<!-- Here is the object data -->
</div>
<div class="container comments">
<ul>
<li>
<form action="{% url 'ads:newcomment' %}" method="POST">
{% csrf_token %}
<input id="comment_txt" name="comment" type="text" value="Type a comment..." class="comment_txt"/>
</form>
</li>
{% for comment in comments %}
<li class="comment">{{comment}}</li>
{% endfor %}
</ul>
</div>
The CSRF token data lives in the request session or in the cookies depending on your settings.
When you do {% csrf_token %} the same token is put into a hidden field on your form so that it gets POSTed back to the server.
The server will just compare that it matches what is in the session/cookie.
A similar thing is done for AJAX requests, but rather than including it in the body, it is part of the headers.
If you use CSRF_USE_SESSIONS = True or CSRF_COOKIE_HTTPONLY = True the token cannot be accessed via JavaScript so it's pretty safe.
The token itself is randomly generated and used throughout a user's session (i.e., if they log out and log in again, a different token will be generated).
So to answer your question, if the form is not submitted nothing happens. The CSRF token will continue to exist in the session/cookies as long as the user is logged in.
Refer to the Django Docs for more details.
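The comparison described in the answer above, as an added example that is neither Django's code nor part of the original post: a simplified model of a cookie-based check in which the form value is the cookie's secret hidden behind a fresh random mask on every render. It shows that rendering a form that is never submitted leaves nothing pending on the server. All function names and the 32-character secret length are assumptions of this sketch.

```python
import hmac
import secrets
import string

CHARS = string.ascii_letters + string.digits
SECRET_LEN = 32  # assumed length for this sketch


def new_secret():
    """Per-browser secret; the server sets it once in a cookie (or session)."""
    return "".join(secrets.choice(CHARS) for _ in range(SECRET_LEN))


def mask(secret):
    """Form-field value: a fresh random mask followed by the secret shifted by it."""
    m = new_secret()
    shifted = "".join(CHARS[(CHARS.index(s) + CHARS.index(k)) % len(CHARS)]
                      for s, k in zip(secret, m))
    return m + shifted


def unmask(token):
    """Recover the secret from a form-field value; None if malformed."""
    if len(token) != 2 * SECRET_LEN or any(c not in CHARS for c in token):
        return None
    m, shifted = token[:SECRET_LEN], token[SECRET_LEN:]
    return "".join(CHARS[(CHARS.index(c) - CHARS.index(k)) % len(CHARS)]
                   for c, k in zip(shifted, m))


def check_post(cookie_secret, form_token):
    """Accept the POST only if the form token unmasks to the cookie's secret."""
    submitted = unmask(form_token or "")
    if submitted is None or not cookie_secret:
        return False
    return hmac.compare_digest(submitted, cookie_secret)


def demo():
    secret = new_secret()                        # cookie set on the first response
    rendered = [mask(secret) for _ in range(3)]  # page viewed 3 times, never posted
    # No per-render state was kept: each of these tokens still validates later.
    results = [check_post(secret, t) for t in rendered]
    forged = check_post(secret, mask(new_secret()))  # token built without the cookie's secret
    return rendered, results, forged


if __name__ == "__main__":
    print(demo()[1:])
```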
Hey almighty Stackoverflow,
I'm pretty new to Django and I'm required to write an HTML email template, which includes social media icons that are also hyperlinks. It all works fine in preview, but when sent by email only the "broken image" icons appear.
The Images are located in the static file of the Django Module and also in the static.dist directory of the main application. A few weeks ago, it worked, but after some pause and new testing yesterday, the images are broken.
{% static 'ner_mail/YouTube.png' as yt_icon %}
{% with 'target="blank" href="https://www.youtube.com/URL"'|safe as a_attr %}
{% blocktrans %}
<a {{ a_attr }} > <img src="{{ yt_icon }}" alt="" style="alignment: left;vertical-align:middle; width: 30px; padding-right: 5px" ></a>
<a {{ a_attr }}> Social Media {% endblocktrans %}
{% endwith %}</li>
Can somebody maybe help me? Thank you in advance for any help!
Best regards,
The static template tag gives a relative URL, hence when you send that in an email, the user's browser assumes it to be relative to the current website the user is on (gmail.com, supposing the user opened their email there). Hence you want to render an absolute URL. To do this you can use request.scheme [Django docs] and request.get_host [Django docs]:
<img src="{{ request.scheme }}://{{ request.get_host }}{{ yt_icon }}" ...>
I'm currently developing a Django web app that will allow users to sign in with their Google account and get access to their Google Calendar and Google Drive data.
I already succeeded in doing so on another project in a front-end context using an Angular library called ng-gapi (GoogleAuthService), but I can't seem to find an equivalent for Django! All I was able to do for the moment is to implement a simple Google login, but I can't communicate with the different Google APIs.
I have tried to use a module called django-allauth, but it only logs in the user via Google without providing any useful information (like authorization tokens etc.) needed to grant the web app access to the user's Google data.
{% load socialaccount %}
{% providers_media_js %}
{% load static %}
<html>
<body>
{% if user.is_authenticated %}
<p>Welcome {{ user.username }}</p>
<a class="btn btn-warning" href="http://localhost:8000/accounts/logout/">Log out</a>
<a class="btn btn-secondary" href="http://localhost:8000/show/">My Gigs</a>
<p>You're logged in with {{ user.get_provider }} as {{ user }}.</p>
<img style="max-width: 80px; padding:10px; margin-bottom:10px" src="{{ user.socialaccount_set.all.0.get_avatar_url }}" />
<p>UID: {{ user.socialaccount_set.all.0.uid }}</p>
<p>Date Joined: {{ user.socialaccount_set.all.0.date_joined}}</p>
<p>Last Login: {{ user.socialaccount_set.all.0.last_login}}</p>
<p>{{ user.socialaccount_set.all.0.extra_data.name }}</p>
{% else %}
<a class="btn btn-primary" href="{% provider_login_url 'google' %}">Log in</a>
{% endif %}
</body>
</html>
When I try to log in this way, I get the Google sign-in page, which works well, but I don't get the second window, which would be the one where the user grants my web app access to their Google Calendar and Google Drive data (even though I have already configured it in my Google developer console).
I would be immensely grateful if you could help me, I know that it looks as if this question has been answered multiple times but I have read hundreds of posts on the subject and couldn't find a solution.
You can use the Django social auth library.
An example of the implementation is here.
You should enable access to the Google Calendar and disk API from the Google API Console.
Recently, I added adminplus, which automatically creates a link on the admin page to my custom view. E.g. admin.site.register_view('somepath', 'My Fancy Admin View!', view=my_view) should produce a 'Custom View' menu with a link named 'My Fancy Admin View!'. If I disable Grappelli, the menu and link appear; however, when Grappelli is enabled, the menu and link disappear. My guess is Grappelli skips this menu because it is defined differently from the rest. Any advice would be greatly appreciated.
Thanks to the hint provided by dan-klasson, I found a hack for my problem.
Add the following code to Grappelli's admin/index.html:
{% empty %}
<p>{% trans "You don´t have permission to edit anything." %}</p>
{% endfor %}
<!-- Code above is included as point of reference -->
<!-- Add the code below -->
<div class="grp-module" id="custom_views">
<h2>Custom Views</h2>
<div class="grp-row">
{% for path, name in custom_list %}
<strong>{{ name }}</strong>
{% endfor %}
</div>
</div>