jamesturk/django-honeypot

Cannot Save Changes On Admin With Middleware

9mido opened this issue · 4 comments

9mido commented

Using the combined middleware of this app, HoneypotMiddleware, I cannot save anything I try to change on admin without getting the 400 bad request error page honeypot/honeypot_error.html.

Nothing is entered into the value that the honeypot input field uses when I try to save.

Removing the middleware and honeypot configuration from settings.py completely fixed the problem. It would still be useful to have django-honeypot work even on admin pages.

9mido commented

Using the latest Django 3 and Python 3

INSTALLED_APPS = ['honeypot',]

MIDDLEWARE = ['honeypot.middleware.HoneypotMiddleware',]

BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [os.path.join(BASE_DIR,"templates")],
        'APP_DIRS': True,
    }
]

HONEYPOT_FIELD_NAME = "name"
HONEYPOT_VALUE = ""

Added the following CSS to admin to make the honeypot input invisible on admin pages:

https://stackoverflow.com/a/37317429

project_name/static/css/admin-extra.css:

.form-input{
        opacity: 0;
        position: absolute;
        top: 0;
        left: 0;
        height: 0;
        width: 0;
        z-index: -1;
}

project_name/templates/honeypot/honeypot_error.html:

<title>400 Bad Request</title>
<meta name="description" content="Error Request aborted">

<h1>400 Bad Request</h1>
<p>Error Request aborted.</p>

project_name/templates/honeypot/honeypot_field.html:

<div class="form-input">

        <input type="text" name="{{fieldname}}" value="{{value}}" />
</div>

project_name/templates/admin/base_site.html:

{% extends "admin/base.html" %}
{% load static %}

{% block title %}{{ title }} | {{ site_title|default:_('Django site admin') }}{% endblock %}

{% block extrastyle %}{{ block.super }}<link rel="stylesheet" type="text/css" href="{% static "css/admin-extra.css" %}" />{% endblock %}

{% block branding %}
<h1 id="site-name"><a href="{% url 'admin:index' %}">{{ site_header|default:_('Django administration') }}</a></h1>
{% endblock %}

{% block nav-global %}{% endblock %}

The HTML templates that are overridden are located in:

project_name/templates/honeypot/
project_name/templates/admin/

Is it possible that an outdated package is causing the problem?

The Chrome inspect error tab shows the change/ error at 127.0.0.1:8000/admin/app_name/1/change/ when clicking save on admin only for a specific Django app.

change/ | 400 | document | Other | 509 B | 41 ms

If using the Chrome inspect network tab on something like 127.0.0.1:8000/admin/account/emailaddress/1/change/ and trying to change something on that link, the save button works.

change/ | 302 | text/html | Other | 800 B | 55 ms

9mido commented

@jamesturk According to a Django expert I asked on Reddit, it seems that this is happening because "If you have another field on the submission that has name="name" then this will cause the failure."

Changing the setting to HONEYPOT_FIELD_NAME = "field-name", for example, causes the save functionality to work again.

Thanks, I'll add a warning to the docs about this.
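
The name collision identified at the end of this thread, modelled as an added example that is not part of the thread or of django-honeypot's code. It is a simplified standard-library model of the check (field must be present and equal to HONEYPOT_VALUE); the function names, the sample forms and the position of the honeypot input ahead of the real fields are assumptions.

```python
from urllib.parse import parse_qsl, urlencode

HONEYPOT_FIELD_NAME = "name"   # setting from the issue
HONEYPOT_VALUE = ""            # setting from the issue


def honeypot_status(post_body, field=HONEYPOT_FIELD_NAME, expected=HONEYPOT_VALUE):
    """Simplified model of the honeypot check: 400 unless the field is present
    and equals the expected value, otherwise 200 (request reaches the view).
    Like Django's QueryDict, a repeated key resolves to its last value."""
    values = {}
    for key, value in parse_qsl(post_body, keep_blank_values=True):
        values[key] = value          # last submitted value wins
    if field not in values or values[field] != expected:
        return 400
    return 200


def build_post(honeypot_name, real_fields):
    """Form body as a browser would send it: the untouched honeypot input
    first (assumed position), then the form's real fields."""
    return urlencode([(honeypot_name, HONEYPOT_VALUE)] + list(real_fields.items()))


def find_collisions(forms, honeypot_name=HONEYPOT_FIELD_NAME):
    """Names of forms that own a real field named like the honeypot field."""
    return sorted(name for name, fields in forms.items() if honeypot_name in fields)


# Constructed sample forms: the field names are hypothetical stand-ins for
# the two admin change pages mentioned in the issue.
FORMS = {
    "app_name.change": {"name": "Widget", "price": "10"},
    "account.emailaddress.change": {"email": "a@example.com", "verified": "on"},
}

if __name__ == "__main__":
    for form, fields in FORMS.items():
        print(form, honeypot_status(build_post(HONEYPOT_FIELD_NAME, fields)))
    print("collisions:", find_collisions(FORMS))
    renamed = build_post("field-name", FORMS["app_name.change"])
    print("renamed:", honeypot_status(renamed, field="field-name"))
```

Running `find_collisions` over a project's real form and model field names before choosing HONEYPOT_FIELD_NAME catches the conflict without waiting for a legitimate save to be rejected.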