I have a simple Python Flask app. When one of my users comments on my home page, I want to redirect them right back to the home page. Currently, I have the same route that handles the home page and commenting. It looks like this:
```python
from time import localtime, strftime

from flask import redirect, render_template, url_for
from flask_login import current_user, login_required


@app.route('/home', methods=['POST', 'GET'])
@login_required
def home():
    form = CommentForm()
    user = User.query.filter_by(username=current_user.username).first()
    house = House.query.filter_by(owner_id=current_user.id).first()
    neighbors = Neighbors.query.filter_by(houseid=house.id).all()
    if user.id == current_user.id:
        if form.validate_on_submit():
            # Valid POST: store the comment
            time = strftime("%a, %b %d %Y %X", localtime())
            comment = Commentsection(houseid=house.id, commentbody=form.body.data, times=str(time), commenter=user.username, commenterid=user.id, commenterpic=user.image_file)
            db.session.add(comment)
            db.session.commit()
            link = url_for('add', invite_token=house.linkinv, _external=True)
            comments = Commentsection.query.filter_by(houseid=house.id).order_by(Commentsection.id.desc()).all()
            # Redirect back to the same page so a reload does not resubmit the form
            return redirect(url_for('home', title='Home', house=house, form=form, comments=comments, link=link, neighbors=neighbors))
        else:
            # GET (or invalid form): render the page
            link = url_for('add', invite_token=house.linkinv, _external=True)
            comments = Commentsection.query.filter_by(houseid=house.id).order_by(Commentsection.id.desc()).all()
            return render_template('home.html', title='Home', house=house, form=form, comments=comments, link=link, neighbors=neighbors)
```
When the user submits the comment, the code is run and the form is validated. When the form is validated, it creates the comment model and commits it to the database. Afterwards, it redirects the user to that same page, to avoid the annoying "Would you like to submit this form again" popup in Chrome. If I did not redirect, the form would continue to submit every time I reload the page. The problem is, when I redirect, the url_for thinks I am passing in URL arguments instead of variables, and places them right into the URL, resulting in something like this:
`http://127.0.0.1:5000/home?title=Home&house=House%28%27Nicks+Home%27%2C%2732+Ellridge+Place%27%2C%271%27%2C%29&form=%3Cdog_house.forms.CommentForm+object+at+0x04A75C10%3E&comments=Commentsection%28%2710%27%2C%271%27%2C%27Hello+world%27%2C%27nickdeb%27%2C%27default.jpg%27%2C%29&comments=Commentsection%28%279%27%2C%271%27%2C%27Hello+world%27%2C%27nickdeb%27%2C%27default.jpg%27%2C%29&comments=Commentsection%28%277%27%2C%271%27%2C%27Hello+world%27%2C%27nickdeb%27%2C%27default.jpg%27%2C%29&comments=Commentsection%28%276%27%2C%271%27%2C%27Nickkk%27%2C%27nickdeb%27%2C%27default.jpg%27%2C%29&comments=Commentsection%28%275%27%2C%271%27%2C%27Hello+man%27%2C%27nickdeb%27%2C%27default.jpg%27%2C%29&comments=Commentsection%28%274%27%2C%271%27%2C%27Nick%3F%27%2C%27nickdeb%27%2C%27default.jpg%27%2C%29&comments=Commentsection%28%273%27%2C%271%27%2C%27Hey+nick%27%2C%27nick%27%2C%27414f2185a17700081ecfff3c948527405e44c507f029d068.JPG%27%2C%29&comments=Commentsection%28%272%27%2C%271%27%2C%27Hello+world%27%2C%27nick%27%2C%27414f2185a17700081ecfff3c948527405e44c507f029d068.JPG%27%2C%29&comments=Commentsection%28%271%27%2C%271%27%2C%27Hello+world%27%2C%27nick%27%2C%27414f2185a17700081ecfff3c948527405e44c507f029d068.JPG%27%2C%29&link=%2Fhome&neighbors=%3CNeighbors+1%3E`
Instead of:
`http://127.0.0.1:5000/home`
As you can see, that URL is very ugly compared to the second one and can possibly expose user data. Is it possible to do this with the variables still being passed to the HTML template?
TL;DR: Pass arguments and variables to a redirect(url_for) without having the variables passed into the URL directly.
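
The behaviour described in the question, side by side with a Post/Redirect/Get handler that keeps model data out of the URL (and so out of browser history, access logs and Referer headers), as an added example that is not the asker's code. `COMMENTS`, `PAGE`, `load_context`, the `/leaky` route and `location_after_post` are assumptions standing in for the asker's models, template and browser.

```python
from flask import Flask, redirect, render_template_string, request, url_for

app = Flask(__name__)
COMMENTS = []  # constructed in-memory stand-in for the Commentsection table

# Constructed stand-in for home.html
PAGE = "<h1>{{ title }}</h1>{% for c in comments %}<p>{{ c }}</p>{% endfor %}"


def load_context():
    """Query everything the template needs; runs on every GET."""
    return {"title": "Home", "comments": list(reversed(COMMENTS))}


@app.route("/home", methods=["GET", "POST"])
def home():
    if request.method == "POST":
        COMMENTS.append(request.form["body"])
        # Post/Redirect/Get: url_for receives only the endpoint name.
        # Keywords that are not route variables are serialised into the
        # query string, so nothing else is passed here.
        return redirect(url_for("home"))
    # The redirected GET rebuilds the template variables server-side.
    return render_template_string(PAGE, **load_context())


@app.route("/leaky", methods=["POST"])
def leaky():
    """The pattern from the question, kept only for comparison."""
    return redirect(url_for("home", title="Home", comments=COMMENTS))


def location_after_post(path, body):
    """POST a comment with the test client; return status and redirect target."""
    resp = app.test_client().post(path, data={"body": body})
    return resp.status_code, resp.headers["Location"]


if __name__ == "__main__":
    print(location_after_post("/home", "Hello world"))
    print(location_after_post("/leaky", "ignored"))
```

A redirect carries only a URL, so template variables cannot travel with it; the GET that follows the redirect has to load them again, which is what `load_context` does here.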