Hello

I have a component that is loaded by ajax and this component has an 
SQLFORM.grid.
This component has a variable in the url.
For security reasons I want the ajax component to have the url signed.
The problem is that the grid pagination links generate a wrong signed url.

wrong signed url:

http://127.0.0.1:8001/pruebas/default/ajax_grid.load?fk=1&page=2&_signature=04fd4fd72bdbda072410fda2184d0ac3a94b4058

I get "ACCESS DENIED" because of @auth.requires_signature().

The grid generates a wrong signed URL in pagination when the URL has vars and 
requires a signature.

Any way to solve the problem?

A simplified version of the code:

def prueba_grid():

    # Sample data: populate the table once if it is empty
    if not db(db.t_data).select():
        for i in range(1, 100):
            fk = i % 2
            db.t_data.insert(f_data=i, f_fk=fk)

    # Signed URL for the ajax component, carrying fk in the query string
    url = URL('default', 'ajax_grid.load', vars=dict(fk=1), user_signature=True)
    load_ajax_grid = LOAD(url=url, ajax=True)

    return locals()

@auth.requires_signature()
def ajax_grid():
    fk = request.get_vars.fk

    grid = SQLFORM.grid(
        db.t_data.f_fk == fk

    )
    return dict(grid=grid)

And the model:

db.define_table(
    't_data',
    Field('f_data', 'string', length=10),
    Field('f_fk', 'integer'))

view prueba_grid
{{extend 'layout.html'}}

{{=load_ajax_grid}}


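One way a signed pagination link can be rejected like this, as an added example (not from the original post and not web2py's own code): a simplified HMAC-SHA1 model that assumes the grid signs its pagination links over the path only, while the decorator also hashes the query variables. The key, the helper names and the signed-message format are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlencode

KEY = b"constructed-per-session-key"      # constructed sample key
PATH = "/pruebas/default/ajax_grid.load"  # path taken from the post


def sign(path, query, hash_vars=True):
    """Hex HMAC-SHA1 over the path, plus the sorted query vars if hash_vars."""
    msg = path
    if hash_vars and query:
        msg += "?" + urlencode(sorted(query.items()))
    return hmac.new(KEY, msg.encode(), hashlib.sha1).hexdigest()


def signed_vars(path, query, hash_vars=True):
    """Return the query vars with a _signature entry appended."""
    out = dict(query)
    out["_signature"] = sign(path, query, hash_vars)
    return out


def verify(path, query, hash_vars=True):
    """Recompute the signature without _signature and compare in constant time."""
    rest = dict(query)
    sig = rest.pop("_signature", "")
    return hmac.compare_digest(sig, sign(path, rest, hash_vars))


def demo():
    # Initial component URL: signed including its vars (fk=1).
    first = signed_vars(PATH, {"fk": "1"}, hash_vars=True)
    # Pagination link: assumed here to be signed over the path only.
    page2 = signed_vars(PATH, {"fk": "1", "page": "2"}, hash_vars=False)
    # Same pagination link with fk changed by the client.
    tampered = dict(page2, fk="0")
    return {
        "first_strict": verify(PATH, first, hash_vars=True),
        "page2_strict": verify(PATH, page2, hash_vars=True),      # ACCESS DENIED
        "page2_path_only": verify(PATH, page2, hash_vars=False),
        "first_path_only": verify(PATH, first, hash_vars=False),
        "tampered_path_only": verify(PATH, tampered, hash_vars=False),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'denied'}")
```

In this model, signer and verifier must agree on whether the query variables are hashed, so a path-only verifier accepts the pagination link but rejects the initial vars-hashed URL. A path-only verifier also accepts a changed `fk`, so the filter value then needs its own server-side authorization check.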