[Flask] (no subject)

Dorian Hoxha dorian.hoxha at gmail.com
Wed Sep 30 15:35:56 CEST 2015


ALWAYS check if the field exist in request.form, if it doesn't you will get
a 400 request-error.
2 ways to check:
if 'field' in request.form
if request.form.get('field')

On Wed, Sep 30, 2015 at 12:29 AM, Kyle Lawlor <klawlor419 at gmail.com> wrote:

> Hello, everyone.
>
> I've been working on web app for a friends restaurant. I am slowly adding
> the functionality that I need. Earlier today I was able to add a payment
> method via the Stripe API. I have confirmed that the test payments are
> going through to my Stripe logs. I followed very closely to the [stripe
> flask tutorial](https://stripe.com/docs/checkout/guides/flask). Basically
> I am doing the exact same thing as what is done in the tutorial, except I
> have adjusted the payment amount based on interaction with the "order
> online" portion of the website.
>
>
> *First issue:*
>
> One issue I am having (which I am sure is just a stupid mistake) is that
> once the purchase is confirmed, I redirect to a confirmation page to show a
> summary of the order, but I am getting a "400 Bad Request - CSRF token
> missing or incorrect" error.
>
> I tried to solve the problem using the methods from [this page](
> http://flask-wtf.readthedocs.org/en/latest/csrf.html), like adding an
> empty form with a CSRF token, to no avail. I also tried including a meta
> tag with the token which also did not work.
>
> I am puzzled. A curious thing is that I can access the "payment" page
> manually via url before and after the transaction goes through. It seems
> that the trouble only happens when I redirect from the Stripe payment.
>
> *Second issue:*
>
> Another possibly related issue is that there is a segment of code using
> the stripe API I have commented out for the following reason. When it is
> uncommented I get the following error in addition to the CSRF error stated
> above, "400 Bad Request - The browser (or proxy) sent a request that this
> server could not understand."
>
> If anyone has a chance to take a look at this for me it would be greatly
> appreciated. Here is the latest version of the project (currently using the
> meta tag with CSRF).
>
> *Project:* https://github.com/callmeskywalker/casa-site
>
>
>
> *First issue relevant:*
> stripe import and test keys:
>
> https://github.com/callmeskywalker/casa-site/blob/master/app/main/views.py#L38-L43
>
> order view function:
>
> https://github.com/callmeskywalker/casa-site/blob/master/app/main/views.py#L47-L128
> <https://github.com/callmeskywalker/casa-site/blob/master/app/main/views.py#L47>
>
> pass stripe key to 'order' template:
>
> https://github.com/callmeskywalker/casa-site/blob/master/app/main/views.py#L128
>
> stripe implementation in 'order' template:
>
> https://github.com/callmeskywalker/casa-site/blob/master/app/templates/order.html#L50-L64
>
> action to redirect to the 'payment' template (just to display order
> details):
>
> https://github.com/callmeskywalker/casa-site/blob/master/app/templates/order.html#L51
>
> payment template with csrf token:
>
> https://github.com/callmeskywalker/casa-site/blob/master/app/templates/payment.html#L5
>
> *Second issue relevant:*
>
> code from stripe API in payment view function (causing second error):
>
> https://github.com/callmeskywalker/casa-site/blob/master/app/main/views.py#L138-L148
>
>
> Thanks ahead. I look forward to any responses.
>
> Best,
> Kyle
>
>
> _______________________________________________
> Flask mailing list
> Flask at python.org
> https://mail.python.org/mailman/listinfo/flask
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/flask/attachments/20150930/01b3ebaf/attachment.html>


More information about the Flask mailing list