Skip to Content
This question has been flagged
requestpostCSRF
2 Replies
19067 Views
Avatar
pam

I'm new to Odoo and trying to understand the basics of how to save data to your model from a POST request like the following

curl -X POST --data "name=Mysterious Odoo&author_ids=Doge" http://0.0.0.0:8069/test

I couldn't find any examples online and the docs don't help me either. In Odoo Development Cookbook it says Odoo intermingles with GET and POST parameters and passes them as keyword argument to the handler. However, I can't get my code running without getting `400 Bad Request. Invalid CSRF Token`: 

@http.route('/test', type='http', auth='none', methods=['POST'])	
def test(self, **kwargs):
  record = request.env['library.book']  
  record.create(kwargs)


Any pointer to solve this would be appreciated.

Avatar
Discard
Avatar
pam
Author Best Answer

I can't comment since I don't have enough Karma so I have to post this way. 

Thanks Raaj, appreciate your efforts. My post request is supposed to come from a third party like an API though. I figured out by setting `csrf=False` and adding sudo like so

record = request.env['library.book'].sudo()

I get my post request inserted into my model as wanted. However, I was wondering if there is way to get rid of the sudo()?

Avatar
Discard
Raaj Mishra

If you are doing the operations using superuser of the system i.e, Admin then sudo() not required, but if the logged in user is not having the superuser access right,in that case we need to use sudo(), however under settings->user->select the user->Administration drop-down and there you can select settings and can configure other rights also.So in that case i hope we don't need to use sudo() for creating and storing the records.

Avatar
Raaj Mishra
Best Answer

Hi Pam, as far I can unserstand you want to store the Book name and Author id using a POST request.Please have a look at the procedure below and give a try.

Create an HTML file:

<html>

    <link href="http://code.jquery.com/ui/1.10.4/themes/ui-lightness/jquery-ui.css" rel="stylesheet">

    <script src="http://code.jquery.com/jquery-1.10.2.js"></script>

    <script src="http://code.jquery.com/ui/1.10.4/jquery-ui.js"></script>

        <div id="ehtml_form">

        <form method="POST" action="http://0.0.0.0:8069/form/insert_library_book">

        <label for="book_name"><b>Book Name(*)</b></label>

        <input type="text" id="book_name" name="book_name" required/><br>

        <label for="author_name"><b>Author Name(*)</b></label>

        <input type="text" id="author_name" name="author_name" required/><br> <br>

        <input type="hidden" name="form_id" value="8"/>

        <input type="submit" value="Submit Form"/>

        </form>

        </div>

</html>

Then write a controller method like,

@http.route('/form/insert_library_book', type='http', website=True, auth="public" ,csrf=False)

def insert_library_book(self, **kwargs):

    record = request.env['library.book']

    record.create(kwargs)

Avatar
Discard
Related Posts Replies Views Activity
[9.0] HTTP POST request, how to solve this error ? Solved
request http post 9.0
Avatar
2
Apr 16
4215
information request
request
Avatar
Avatar
1
Jun 24
1285
Get POST parameters from an incoming request to a controller Solved
parameters request controllers post odooV13
Avatar
Avatar
1
Sep 22
15494
Exception: Object Unbound in request Solved
request
Avatar
Avatar
9
Nov 16
14380
GET/POST Requests in Odoo to External API
get post
Avatar
Avatar
1
Feb 25
18916