I wanted to have signed URL everywhere. For that, I added user_signature=True to all my URL(). The grid has that as a default. At this point everything worked with @requires_login() except one special case (I believe this special case may be related to the same issue I'm facing with this I describe here).
Then I added a var called sid (for session id) to every URL() which I use to identify the session (this way I'm able to distinguish ebetween 2 browser tabs). At this point everything worked with @requires_login() except the special case I mentioned above. Then I replaced @auth.requires_login() with @auth.requires_signature() and I'm able to access the grid but not the edit form. I receive a Not Authorized message. In all these tests I'm logged in. If I remove the sid var and keep the @auth.requires_signature() everything works. If I replace the@auth.requires_signature() with @auth.requires_login() and keep the sid var everything works. Only the combination of both doesn't work. domingo, 21 de Abril de 2019 às 14:07:42 UTC+1, Anthony escreveu: > > Can you show your code? I cannot reproduce this exact behavior. > > Note, because the default behavior of @auth.requires_signature() is to > include the query string when creating the signature, any functionality of > the grid that uses the query string should not work, as the grid does not > generate signatures for those links. > > In any case, the grid already has built-in support for signed URLs for any > write operations -- do you need more than that? > > Anthony > > On Saturday, April 20, 2019 at 4:03:17 PM UTC-4, João Matos wrote: >> >> If I replace @auth_requires_login() with @auth.requires_signature() to my >> index function (controller's main function) where a grid is created, the >> grid shows up without any issue, but if I try to edit a row, I get a Not >> Authorized message. >> >> Anyone has any idea why this is happening? >> >> If I replace @auth.requires_signature() with @auth.requires_login() >> everything works. >> > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
