晚上好。我试图阻止用户使用reCaptcha v3进入我的网站。但是,尽管我的调试日志显示已发送GET请求并找到了页面,但无法加载执行此操作的模板:
routes.py的相关位
from flask import url_for, render_template, redirect, request, render_template_string
from flask import current_app as app
from .forms import *
from .filewriter import *
from .mailserver import *
from .rcvalidator import *
from flask_jsglue import JSGlue
jsglue = JSGlue(app)
@app.route('/', methods=('GET', 'POST'))
def home():
reqform = ReqForm()
delform = DelForm()
error = 0
if request.method == "POST":
gtoken = request.json['gtoken']
if not rc_form_valid(gtoken):
print("working")
return redirect(url_for('inv'))
return render_template('home.html',
reqform=reqform,
delform=delform,
csrf_token=0,
errors=error)
@app.route('/invalid')
def inv():
print("loaded inv")
return render_template_string("get out now")
同时打印“正在工作”和“已加载inv”。在我的layout.py中,向服务器发送了一个ajax JSON帖子以提供RC令牌:
layout.html
<!DOCTYPE html>
<html lang="en">
<head>
{{ JSGlue.include() }}
{% include 'meta.html' %}
{% block styles %}{% endblock %}
<script src="https://kit.fontawesome.com/e3deaeba31.js" crossorigin="anonymous"></script>
<script src="https://code.jquery.com/jquery-3.1.1.min.js"></script>
<script src="https://www.google.com/recaptcha/api.js?render=6LeRCuMUAAAAAEWkxJ1IsbM4h-RQbGuxDxCXmdtr"></script>
<link href="https://fonts.googleapis.com/css?family=Poppins:200,300,500" rel="stylesheet">
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>
<script>
var csrftoken = $('meta[name=csrf-token]').attr('content')
$.ajaxSetup({
beforeSend: function(xhr, settings) {
if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type)) {
xhr.setRequestHeader("X-CSRFToken", csrftoken)
}
}
})
grecaptcha.ready(function() {
grecaptcha.execute('secret token is here', {action: 'homepage'})
.then(function(token) {
//appending the token to the end of the form so that the thing can go in and submit the token in the background and find the number
$.ajax({
type: "POST",
contentType: "application/json; charset=utf-8",
url: Flask.url_for("home"),
data: JSON.stringify({"gtoken":token}),
})
});
});
</script>
</head>
<body class="{{template}}">
{% block content %}{% endblock %}
{% block javascript %}{% endblock javascript %}
</body>
</html>
meta.html提供了相关变量。
日志:
* Serving Flask app "main" (lazy loading)
* Environment: production
WARNING: This is a development server. Do not use it in a production deployment.
Use a production WSGI server instead.
* Debug mode: on
* Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
* Restarting with stat
* Debugger is active!
* Debugger PIN: 502-140-539
127.0.0.1 - - [26/Mar/2020 16:21:02] "GET / HTTP/1.1" 200 -
127.0.0.1 - - [26/Mar/2020 16:21:02] "GET /jsglue.js HTTP/1.1" 200 -
{'success': True, 'action': 'homepage', 'hostname': 'localhost', 'score': 0.9, 'challenge_ts': 'xxxxx'}
working
127.0.0.1 - - [26/Mar/2020 16:21:03] "POST / HTTP/1.1" 302 -
loaded inv
127.0.0.1 - - [26/Mar/2020 16:21:03] "GET /invalid HTTP/1.1" 200 -
日志到此结束,页面相同。请帮助
如果您使用GET请求访问您的网站,则条件if method == 'POST'为假,if下的所有命令都将被忽略。下一个命令是呈现观察到的模板“ home.html”。
也许您想在客户端发送POST请求并通过验证后重定向到您的网站?
@app.route('/', methods=('GET', 'POST'))
def home():
reqform = ReqForm()
delform = DelForm()
error = 0
if request.method == "POST":
gtoken = request.json['gtoken']
if not rc_form_valid(gtoken):
print("working")
return redirect(url_for('inv'))
else:
return redirect(url_for('main_website'))
return render_template('home.html',
reqform=reqform,
delform=delform,
csrf_token=0,
errors=error)