def fail(request):
form = FeedbackForm(request)
if request.method == 'POST' and form.validate():
note = form.note.data
msg = '{} - {}'.format(datetime.now(), note)
session.setdefault('fb', []).append(msg)
return response.redirect('/fail')
feedback = ''.join('<p>{}</p>'.format(m) for m in session.get('fb', []))
content = f"""
<h1>Form which fails CSRF Validation</h1>
<p>This is the same as this <a href="/">form</a> except that CSRF
validation always fail because we did not render the hidden csrf token</p>
{feedback}
<form action="" method="POST">
{'<br>'.join(form.csrf_token.errors)}
{'<br>'.join(form.note.errors)}
<br>
{form.note(size=40, placeholder="say something..")}
{form.submit}
</form>
"""
return response.html(content)
评论列表
文章目录
