Home > Blockchain >  The browsable API HTML renderer performs a POST despite the button is configured to send and showing
The browsable API HTML renderer performs a POST despite the button is configured to send and showing

Time:11-03

I'm testing API CRUD with browser request debugging

The base render template is located base rendering template DELETE block code

104         {% if 'DELETE' in allowed_methods %}
105             <form class="button-form" action="{{ request.url }}" method="DELETE" class="pull-right">
106                 <!-- csrf_token -->
107                 <input type="hidden" name="_method" value="DELETE" />
108                 <button class="btn btn-danger js-tooltip" title="Make a DELETE request on the resource">DELETE</button>
109             </form>
110         {% endif %}

But not, the browser is now sending a GET request with the query string _method=DELETE, instead of DELETE request/method.

browser rendering after code update

Everything is OK when sending request to the API using curl

Can one of you guys with good flask html rendering skills check this out and test on its side?

CodePudding user response:

Never seen form with method=DELETE. MDN documentation says it should be either a GET or POST. Also see this old stackoverflow question that also says it is not supported in forms.

The template you're referencing is for an API so it seems to me that they are supporting direct calls to the API (such as with curl or Postman which would support PUT, DELETE, etc) and calls via forms (which would only be GET or POST)

You should keep your original code where method = POST and add POST as a method for def notes_detail i.e. you should have

    @app.route("/<int:key>/", methods=['GET', 'POST', 'PUT', 'DELETE'])
    def notes_detail(key):

CodePudding user response:

I abandoned the effort of making the browser sending DELETE requests, and dealed with form hiden inputs, keeping POST as the form's method

104         {% if 'DELETE' in allowed_methods %}
105             <form class="button-form" action="{{ request.url }}" method="POST" class="pull-right">
106                 <!-- csrf_token -->
107                 <input type="hidden" name="_method" value="DELETE" />
108                 <button class="btn btn-danger js-tooltip" title="Make a DELETE request on the resource">DELETE</button>
109             </form>
110         {% endif %}
  • Related