This question has been flagged
2 Replies
17461 Views
requestpostCSRF
Avatar
pam

I'm new to Odoo and trying to understand the basics of how to save data to your model from a POST request like the following

curl -X POST --data "name=Mysterious Odoo&author_ids=Doge" http://0.0.0.0:8069/test

I couldn't find any examples online and the docs don't help me either. In Odoo Development Cookbook it says Odoo intermingles with GET and POST parameters and passes them as keyword argument to the handler. However, I can't get my code running without getting `400 Bad Request. Invalid CSRF Token`: 

@http.route('/test', type='http', auth='none', methods=['POST'])	
def test(self, **kwargs):
  record = request.env['library.book']  
  record.create(kwargs)


Any pointer to solve this would be appreciated.

Avatar
Discard
Avatar
pam
Author Best Answer

I can't comment since I don't have enough Karma so I have to post this way. 

Thanks Raaj, appreciate your efforts. My post request is supposed to come from a third party like an API though. I figured out by setting `csrf=False` and adding sudo like so

record = request.env['library.book'].sudo()

I get my post request inserted into my model as wanted. However, I was wondering if there is way to get rid of the sudo()?

Avatar
Discard
Raaj Mishra

If you are doing the operations using superuser of the system i.e, Admin then sudo() not required, but if the logged in user is not having the superuser access right,in that case we need to use sudo(), however under settings->user->select the user->Administration drop-down and there you can select settings and can configure other rights also.So in that case i hope we don't need to use sudo() for creating and storing the records.

Avatar
Raaj Mishra
Best Answer

Hi Pam, as far I can unserstand you want to store the Book name and Author id using a POST request.Please have a look at the procedure below and give a try.

Create an HTML file:

<html>

    <link href="http://code.jquery.com/ui/1.10.4/themes/ui-lightness/jquery-ui.css" rel="stylesheet">

    <script src="http://code.jquery.com/jquery-1.10.2.js"></script>

    <script src="http://code.jquery.com/ui/1.10.4/jquery-ui.js"></script>

        <div id="ehtml_form">

        <form method="POST" action="http://0.0.0.0:8069/form/insert_library_book">

        <label for="book_name"><b>Book Name(*)</b></label>

        <input type="text" id="book_name" name="book_name" required/><br>

        <label for="author_name"><b>Author Name(*)</b></label>

        <input type="text" id="author_name" name="author_name" required/><br> <br>

        <input type="hidden" name="form_id" value="8"/>

        <input type="submit" value="Submit Form"/>

        </form>

        </div>

</html>

Then write a controller method like,

@http.route('/form/insert_library_book', type='http', website=True, auth="public" ,csrf=False)

def insert_library_book(self, **kwargs):

    record = request.env['library.book']

    record.create(kwargs)

Avatar
Discard