i am trying to use ajax pooling on my site (setTimeout) alongside django-session-security . In the documentation there is a mention of SESSION_SECURITY_PASSIVE_URL but i can't seem to get it to work.
My settings:
SESSION_SECURITY_WARN_AFTER = 15
SESSION_SECURITY_EXPIRE_AFTER = 21
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
SESSION_SECURITY_PASSIVE_URL = ['http://localhost:8000/core/notice/check/', 'core/notice/check/', '/core/notice/check/']
My javascript:
setTimeout(function(){
get_notifications();
}, 2000);
Any ideas what i am doing wrong?
It seems that it's just because your settings parameter name is missing the ending 's'. It should be 'SESSION_SECURITY_PASSIVE_URLS' instead of 'SESSION_SECURITY_PASSIVE_URL' in your case. Consider the source code here.
Other than that I believe you can safely remove redundant elements from the SESSION_SECURITY_PASSIVE_URLS list and leave just the '/core/notice/check/' entry there. Again, as we can see from the source code the decision of whether request 'is passive' is made by checking the request.path against the list of values from the settings.
Can't comment, thus attempting to answer here. Have you added {% include 'session_security/all.html' %} to your (base) template? Also do you have added session_security URLs in appropriate urls.py file?
SESSION_SECURITY_PASSIVE_URLS allows you to add static urls. However, most urls in Django are anything but static. How would you add dynamic urls to this list to bypass session update. For example in url /category/1/product/5/, 1 and 5 are dynamic ids but I would like to skip any url that matches the pattern
'/category/(?P<cat_id>[\d]+)/product/(?P<product_id>[\d]+)/'
This is unlikely, but if you are using django-ajax middleware AJAXMiddleware, it conflicts with session_security mechanism, and either the session expiry notification might not appear or session expiration might not work altogether. I had to remove AJAXMiddleware to make session_security work again.
Related
The Masonite route documentation describes passing a parameter at the end of a URL like so:
# Handles /article/1234
Route.get('/article/#id', 'ArticleController#show')
What I want to do is create a slug after the article.id, and just use the article.id to return the appropriate article from the database. The Masonite documentation doesn't seem to explain how to do this, but I guessed it'd look something like the below (which doesn't work).
# Handles /article/1234/my-nice-slug
Route.get('/article/#id/*', 'ArticleController#show')
Does anybody know the correct way to do this?
I figured this out myself.
You can grab the article.id by assigning the next part of the path another parameter and not using it. i.e:
# Handles /article/1234/my-nice-slug
Route.get('/article/#id/#my_slug', 'ArticleController#show')
edit
Joe Mancuso of Masonite also suggests using route compilers.
Try '/article/#id:integer/#my_slug'
which would match /article/123 but not /article/string_here
I have the url patterns in my project urls.py
url(r'^', include('app.urls')),
url(r'^api/app/', include('app.url.router_urls')),
and in the app.urls i have something like
url(r'^api/app/user$', views.user_validator),
and in the app.url.router_urls i have something like
url('^v1/', include('app.url.app_v1.urls'))
I have a question around these.
so when the request is BASE_URL/api/app/{user} which url will be mapped to this?
and how about BASE_URL/api/app/v1/ which url will be mapped.
this will map first with ^ right and will use the app.urls for both?
thanks
Django will fire the first view for which the URL matches. It thus evaluates the urls top-to-bottom.
It will thus first look to the included app.urls and if that matches (if you visited hostname/api/app/user, it will "fire" that view.
Note that here your user is not a variable, this is simply the word user, so if you visit {user}, it will keep looking, but since none of the patterns "fire", it will thus return a 404.
You can work with URL parameters, with:
url(r'^api/app/(?P<user>[\w{}]+)$', views.user_validator),
If we do this however, it will also match with hostname/api/app/v1, since then it sees that [\w{}]+ matches with v1.
Therefore it is important to order the url patterns from more specific to less specific, or even better: design the URL patterns such that there is no overlap.
Note: As of django-3.1, url(…) [Django-doc] is
deprecated in favor of re_path(…) [Django-doc].
Furthermore a new syntax for paths has been introduced with path converters: you
use path(…) [Django-doc] for that.
I'm building a tool using Django that works with the part numbers that my company uses, one set of part numbers includes /'s which I didn't realize when I set up the url to access the part summary.
Now when try to pass one of those part numbers it breaks things, is there a way to work around this? I'd like to avoid changing the part number or adding a unique id with no other meaning to the model.
an example part number that causes the problem is P-030-P-401/ND the url pattern is /parts/
Thanks in advance
If you are allowed to change the route a bit, this is an option with just a few characters difference:
www.domain.com/parts/?part_id=P-030-P-401/ND
Example setup:
urls.py
urlpatterns = [
# other paths here
path("parts/", view_test),
]
views.py
def view_test(request):
part_id = request.GET.get("part_id")
return render(request, "parts/test.html", {"part_id": part_id})
test.html
{{part_id}}
Depending on browser settings maybe replace / with %2F, but it's working with the slash for me on Firefox.
Currently working in Django, and I'm trying to set things up so that a form on one page calls a specific URL, for which the appropriate view is rendered. I'm having trouble with the regular expression that parses the URL, as it won't read the value '\?' as an escaped question mark, which is what I believe it should be doing. The following RE checks out on Pythex.
When the app submits the form, it calls the URL:
http://127.0.0.1:8000/map/?street=62+torrey+pines+cove&city=san+diego&state=CA&radius=50&drg=4
In my project level urls.py file, I have the following:
url(r'^map/', include('healthcare_search.urls', namespace="healthcare_search")),
This calls my app level urls.py file, where I have:
url(r'^\?street=(?P<street>[a-z0-9+]+)&city=(?P<city>[a-z+]+)&state=(?P<state>[a-z]{2})&radius=(?P<radius>[0-9]{1,3})&drg=(?P<drg>[0-9]{1,3})', views.map_hospitals, name = "map_hospitals"),
This just results in a 404 error, saying the URL doesn't match any of the patterns. I know that it's a RE problem, because I removed everything from the app level RE, and submitted just http://127.0.0.1:8000/map/ to see if it would call the right view, which it did successfully. Things seem to break apart on the '\?'. Any ideas what I'm doing wrong?
As a note, this is the first time I've written a regular expression, so my apologies if it is unclear or poorly written.
You don't want to get access to the variables that way. A better option is to get them from the request, since they'll be available in the request's dictionary of variables. In your view, you can get the value of street via request.GET.get('street', None), which will return the value if street is in the request or return None otherwise.
I have an issue where I need to pass in query parameters for a GET request, but Django is not resolving the URL correctly to the view.
My urls.py looks like this:
from django.conf.urls.defaults import *
urlpatterns = patterns('',
url(r'^confirm_cancel',
'myapp.views.confirm_cancel_method',
name='myapp_confirm_cancel'),
)
When I goto /confirm_cancel?some_id=x I get a 404, telling me "No MyModel matches query." When I set a breakpoint in my view handler, it does not get hit when I goto that url.
However, if I goto /confirm_cancel/x/, my view breakpoint does get hit.
One more thing to note, this worked in Django 1.1, but is now broken since I upgraded to 1.2.
Any thoughts?
Thanks!
I don't think the problem is with your url. Are you using a shortcut like get_object_or_4o4 somewhere in your view? For example:
get_object_or_404(MyModel, pk=99)
would result in a "No MyModel matches given query, if there wasn't a record in your table with a primary key of 99.
We need to see what's in the corresponding view function.
Ideally, it should look something like this:
def confirm_cancel_method(request, some_id=None):
some_id = request.REQUEST.get('some_id', some_id)
some_record = get_object_or_404(SomeModel, pk=some_id)
...
update
Sorry, just saw your note about the breakpoint. One thing I'd recommend is changing the config to this:
from django.conf.urls.defaults import *
urlpatterns = patterns('',
url(r'^confirm_cancel/?$',
'myapp.views.confirm_cancel_method',
name='myapp_confirm_cancel'),
)
Adding /?$ at the end means that only /confirm_cancel or /confirm_cancel/ will match the url. Right now because you don't have the ending $ anything starting with confirm_cancel will match. Fixing the pattern will at least resolve this issue.
I had copied out all the other url patterns in the urls.py in my post.
Turns out that the issue was that I had a r'^(?P<my_id>\w+)/?$' for one of the urls at the top of the urlpatterns.
Next time I'll learn to paste everything instead of cherry picking what I think are the offending lines of code.
Strange that this did not cause Django 1.1 to break... I guess it was a bug that was fixed in 1.2
Did you check if this was a case of the trailing slash?