Comments (4)
jamesturk
commented on May 27, 2024
1
Thanks, I'll add a warning to the docs about this.
from django-honeypot.
jamesturk
commented on May 27, 2024
Can you give a bit more context? Most helpful would be a small isolated
case, but any code you can share to reproduce would be appreciated.
…On Sat, Jun 13, 2020 at 11:44 PM 9mido ***@***.***> wrote:
Using the middleware of this app, I cannot save anything I do on admin
without getting the 400 bad request error page.
Nothing is entered into the value that the honeypot input field uses.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#30>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAB6YXU5LOHX3IHGOBNH2DRWRBP3ANCNFSM4N5IOYTQ>
.
from django-honeypot.
9mido
commented on May 27, 2024
Using the latest Django 3 and Python 3
INSTALLED_APPS = ['honeypot',]
MIDDLEWARE = ['honeypot.middleware.HoneypotMiddleware',]
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [os.path.join(BASE_DIR,"templates")],
'APP_DIRS': True,
}
]
HONEYPOT_FIELD_NAME = "name"
HONEYPOT_VALUE = ""
Added the following CSS to admin to make the honeypot input invisible on admin pages:
https://stackoverflow.com/a/37317429
project_name/static/css/admin-extra.css:
.form-input{
opacity: 0;
position: absolute;
top: 0;
left: 0;
height: 0;
width: 0;
z-index: -1;
}
project_name/templates/honeypot/honeypot_error.html:
<title>400 Bad Request</title>
<meta name="description" content="Error Request aborted">
<h1>400 Bad Request</h1>
<p>Error Request aborted.</p>
project_name/templates/honeypot/honeypot_field.html:
<div class="form-input">
<input type="text" name="{{fieldname}}" value="{{value}}" />
</div>
project_name/templates/admin/base_site.html:
{% extends "admin/base.html" %}
{% load static %}
{% block title %}{{ title }} | {{ site_title|default:_('Django site admin') }}{% endblock %}
{% block extrastyle %}{{ block.super }}<link rel="stylesheet" type="text/css" href="{% static "css/admin-extra.css" %}" />{% endblock %}
{% block branding %}
<h1 id="site-name"><a href="{% url 'admin:index' %}">{{ site_header|default:_('Django administration') }}</a></h1>
{% endblock %}
{% block nav-global %}{% endblock %}
The HTML templates that are overridden are located in:
project_name/templates/honeypot/
project_name/templates/admin/
Possible that an outdated package is causing the problem?
The chrome inspect error tab shows the change/ error at 127.0.0.1:8000/admin/app_name/1/change/ when clicking save on admin only for a specific django app.
change/ | 400 | document | Other | 509 B | 41 ms
If using the chrome inspect network tab on something like 127.0.0.1:8000/admin/account/emailaddress/1/change/ and try to change something on that link, the save button works.
change/ | 302 | text/html | Other | 800 B | 55 ms
from django-honeypot.
9mido
commented on May 27, 2024
@jamesturk According to a django expert I asked on reddit, it seems that this is happening because "If you have another field on the submission that has name="name" then this will cause the failure."
Changing the HONEYPOT_FIELD_NAME = "field-name" for example causes the save functionality to work again.
from django-honeypot.
Related Issues (20)
- Enabling honeypot.middleware.HoneypotMiddleware breaks existing tests HOT 2
- write real docs
- IPAddressField has been deprecated HOT 2
- Middleware classes are not compatible with django 1.10+
- More info on HONEYPOT_VERIFIER and how to implement time based honeypot HOT 3
- Middleware needs updating for Django2.2
- 0.7.0 doesn't work with django 3.0 HOT 1
- Server Error (500) Issue
- [Suggestion] Use different properties than "display:none"
- Override template without editing source package? HOT 4
- DRF HOT 1
- 2 problems with django-cookie-consent HOT 3
- Dependabot couldn't authenticate with https://pypi.python.org/simple/
- Provide an example of a time based honeypot value generator
- Content type field check case sensitivity HOT 2
- Django <3.0 requirement HOT 1
- Conflict issue in django4 HOT 1
- Upgrading to Django v5.0 downgrades django-honeypot from v1.0.4 to v0.9.0 HOT 2
- PyPI package repo needs updating
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-honeypot.