fix: import preset not working behind nginx due to long url/csrf missing

2026-04-24 17:48:41 +02:00 · 2025-01-24 16:06:47 -03:00
parent dbea78cd3c
commit 97465c07fe
15 changed files with 12 additions and 45 deletions
--- a/app/apps/accounts/views/account_groups.py
+++ b/app/apps/accounts/views/account_groups.py
@@ -2,9 +2,7 @@ from django.contrib import messages
 from django.contrib.auth.decorators import login_required
 from django.http import HttpResponse
 from django.shortcuts import render, get_object_or_404
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_http_methods
 from apps.accounts.forms import AccountGroupForm
@@ -89,7 +87,6 @@ def account_group_edit(request, pk):
@only_htmx
@login_required
@csrf_exempt
@require_http_methods(["DELETE"])
 def account_group_delete(request, pk):
    account_group = get_object_or_404(AccountGroup, id=pk)
--- a/app/apps/accounts/views/accounts.py
+++ b/app/apps/accounts/views/accounts.py
@@ -2,9 +2,7 @@ from django.contrib import messages
 from django.contrib.auth.decorators import login_required
 from django.http import HttpResponse
 from django.shortcuts import render, get_object_or_404
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_http_methods
 from apps.accounts.forms import AccountForm
@@ -89,7 +87,6 @@ def account_edit(request, pk):
@only_htmx
@login_required
@csrf_exempt
@require_http_methods(["DELETE"])
 def account_delete(request, pk):
    account = get_object_or_404(Account, id=pk)
--- a/app/apps/currencies/views/currencies.py
+++ b/app/apps/currencies/views/currencies.py
@@ -2,9 +2,7 @@ from django.contrib import messages
 from django.contrib.auth.decorators import login_required
 from django.http import HttpResponse
 from django.shortcuts import render, get_object_or_404
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_http_methods
 from apps.common.decorators.htmx import only_htmx
@@ -89,7 +87,6 @@ def currency_edit(request, pk):
@only_htmx
@login_required
@csrf_exempt
@require_http_methods(["DELETE"])
 def currency_delete(request, pk):
    currency = get_object_or_404(Currency, id=pk)
--- a/app/apps/currencies/views/exchange_rates.py
+++ b/app/apps/currencies/views/exchange_rates.py
@@ -1,12 +1,11 @@
 from django.contrib import messages
 from django.contrib.auth.decorators import login_required
 from django.core.paginator import Paginator
-from django.db.models import F, CharField, Value
+from django.db.models import CharField, Value
 from django.db.models.functions import Concat
 from django.http import HttpResponse
 from django.shortcuts import render, get_object_or_404
 from django.utils.translation import gettext_lazy as _
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_http_methods
 from apps.common.decorators.htmx import only_htmx
@@ -135,7 +134,6 @@ def exchange_rate_edit(request, pk):
@only_htmx
@login_required
@csrf_exempt
@require_http_methods(["DELETE"])
 def exchange_rate_delete(request, pk):
    exchange_rate = get_object_or_404(ExchangeRate, id=pk)
--- a/app/apps/dca/views.py
+++ b/app/apps/dca/views.py
@@ -6,12 +6,11 @@ from django.db.models.functions import TruncMonth
 from django.http import HttpResponse
 from django.shortcuts import render, get_object_or_404
 from django.utils.translation import gettext_lazy as _
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_http_methods
 from apps.common.decorators.htmx import only_htmx
 from apps.dca.models import DCAStrategy, DCAEntry
 from apps.dca.forms import DCAEntryForm, DCAStrategyForm
 from apps.dca.models import DCAStrategy, DCAEntry
@login_required
@@ -82,7 +81,6 @@ def strategy_edit(request, strategy_id):
@only_htmx
@login_required
@csrf_exempt
@require_http_methods(["DELETE"])
 def strategy_delete(request, strategy_id):
    dca_strategy = get_object_or_404(DCAStrategy, id=strategy_id)
@@ -209,7 +207,6 @@ def strategy_entry_edit(request, strategy_id, entry_id):
@only_htmx
@login_required
@csrf_exempt
@require_http_methods(["DELETE"])
 def strategy_entry_delete(request, entry_id, strategy_id):
    dca_entry = get_object_or_404(DCAEntry, id=entry_id, strategy__id=strategy_id)
--- a/app/apps/import_app/views.py
+++ b/app/apps/import_app/views.py
@@ -5,15 +5,14 @@ from django.contrib.auth.decorators import login_required
 from django.core.files.storage import FileSystemStorage
 from django.http import HttpResponse
 from django.shortcuts import render, get_object_or_404
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_http_methods
 from django.utils.translation import gettext_lazy as _
 from django.views.decorators.http import require_http_methods
 from apps.common.decorators.htmx import only_htmx
 from apps.import_app.forms import ImportRunFileUploadForm, ImportProfileForm
 from apps.import_app.models import ImportRun, ImportProfile
 from apps.import_app.tasks import process_import
 from apps.import_app.services import PresetService
 from apps.import_app.tasks import process_import
 def import_view(request):
@@ -66,9 +65,9 @@ def import_profile_list(request):
@login_required
@require_http_methods(["GET", "POST"])
 def import_profile_add(request):
-    message = request.GET.get("message", None) or request.POST.get("message", None)
+    message = request.POST.get("message", None)
-    if request.method == "POST":
+    if request.method == "POST" and request.POST.get("submit"):
        form = ImportProfileForm(request.POST)
        if form.is_valid():
@@ -84,9 +83,9 @@ def import_profile_add(request):
    else:
        form = ImportProfileForm(
            initial={
-                "name": request.GET.get("name"),
+                "name": request.POST.get("name"),
-                "version": int(request.GET.get("version", 1)),
+                "version": int(request.POST.get("version", 1)),
-                "yaml_config": request.GET.get("yaml_config"),
+                "yaml_config": request.POST.get("yaml_config"),
            }
        )
@@ -128,7 +127,6 @@ def import_profile_edit(request, profile_id):
@only_htmx
@login_required
@csrf_exempt
@require_http_methods(["DELETE"])
 def import_profile_delete(request, profile_id):
    profile = ImportProfile.objects.get(id=profile_id)
@@ -213,7 +211,6 @@ def import_run_add(request, profile_id):
@only_htmx
@login_required
@csrf_exempt
@require_http_methods(["DELETE"])
 def import_run_delete(request, profile_id, run_id):
    run = ImportRun.objects.get(profile__id=profile_id, id=run_id)
--- a/app/apps/rules/views.py
+++ b/app/apps/rules/views.py
@@ -3,7 +3,6 @@ from django.contrib.auth.decorators import login_required
 from django.http import HttpResponse
 from django.shortcuts import render, get_object_or_404, redirect
 from django.utils.translation import gettext_lazy as _
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_http_methods
 from apps.common.decorators.htmx import only_htmx
@@ -118,7 +117,6 @@ def transaction_rule_view(request, transaction_rule_id):
@only_htmx
@login_required
@csrf_exempt
@require_http_methods(["DELETE"])
 def transaction_rule_delete(request, transaction_rule_id):
    transaction_rule = get_object_or_404(TransactionRule, id=transaction_rule_id)
@@ -201,7 +199,6 @@ def transaction_rule_action_edit(request, transaction_rule_action_id):
@only_htmx
@login_required
@csrf_exempt
@require_http_methods(["DELETE"])
 def transaction_rule_action_delete(request, transaction_rule_action_id):
    transaction_rule_action = get_object_or_404(
--- a/app/apps/transactions/views/categories.py
+++ b/app/apps/transactions/views/categories.py
@@ -2,9 +2,7 @@ from django.contrib import messages
 from django.contrib.auth.decorators import login_required
 from django.http import HttpResponse
 from django.shortcuts import render, get_object_or_404
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_http_methods
 from apps.common.decorators.htmx import only_htmx
@@ -111,7 +109,6 @@ def category_edit(request, category_id):
@only_htmx
@login_required
@csrf_exempt
@require_http_methods(["DELETE"])
 def category_delete(request, category_id):
    category = get_object_or_404(TransactionCategory, id=category_id)
--- a/app/apps/transactions/views/entities.py
+++ b/app/apps/transactions/views/entities.py
@@ -3,7 +3,6 @@ from django.contrib.auth.decorators import login_required
 from django.http import HttpResponse
 from django.shortcuts import render, get_object_or_404
 from django.utils.translation import gettext_lazy as _
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_http_methods
 from apps.common.decorators.htmx import only_htmx
@@ -110,7 +109,6 @@ def entity_edit(request, entity_id):
@only_htmx
@login_required
@csrf_exempt
@require_http_methods(["DELETE"])
 def entity_delete(request, entity_id):
    entity = get_object_or_404(TransactionEntity, id=entity_id)
--- a/app/apps/transactions/views/installment_plans.py
+++ b/app/apps/transactions/views/installment_plans.py
@@ -4,7 +4,6 @@ from django.http import HttpResponse
 from django.shortcuts import render, get_object_or_404
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_http_methods
 from apps.common.decorators.htmx import only_htmx
@@ -152,7 +151,6 @@ def installment_plan_refresh(request, installment_plan_id):
@only_htmx
@login_required
@csrf_exempt
@require_http_methods(["DELETE"])
 def installment_plan_delete(request, installment_plan_id):
    installment_plan = get_object_or_404(InstallmentPlan, id=installment_plan_id)
--- a/app/apps/transactions/views/recurring_transactions.py
+++ b/app/apps/transactions/views/recurring_transactions.py
@@ -1,5 +1,4 @@
 from dateutil.relativedelta import relativedelta
 from django.contrib import messages
 from django.contrib.auth.decorators import login_required
 from django.db.models import Q
@@ -7,7 +6,6 @@ from django.http import HttpResponse
 from django.shortcuts import render, get_object_or_404
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_http_methods
 from apps.common.decorators.htmx import only_htmx
@@ -230,7 +228,6 @@ def recurring_transaction_finish(request, recurring_transaction_id):
@only_htmx
@login_required
@csrf_exempt
@require_http_methods(["DELETE"])
 def recurring_transaction_delete(request, recurring_transaction_id):
    recurring_transaction = get_object_or_404(
--- a/app/apps/transactions/views/tags.py
+++ b/app/apps/transactions/views/tags.py
@@ -3,7 +3,6 @@ from django.contrib.auth.decorators import login_required
 from django.http import HttpResponse
 from django.shortcuts import render, get_object_or_404
 from django.utils.translation import gettext_lazy as _
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_http_methods
 from apps.common.decorators.htmx import only_htmx
@@ -110,7 +109,6 @@ def tag_edit(request, tag_id):
@only_htmx
@login_required
@csrf_exempt
@require_http_methods(["DELETE"])
 def tag_delete(request, tag_id):
    tag = get_object_or_404(TransactionTag, id=tag_id)
--- a/app/apps/transactions/views/transactions.py
+++ b/app/apps/transactions/views/transactions.py
@@ -8,7 +8,6 @@ from django.http import HttpResponse
 from django.shortcuts import render, get_object_or_404
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_http_methods
 from apps.common.decorators.htmx import only_htmx
@@ -143,7 +142,6 @@ def transaction_clone(request, transaction_id, **kwargs):
@only_htmx
@login_required
@csrf_exempt
@require_http_methods(["DELETE"])
 def transaction_delete(request, transaction_id, **kwargs):
    transaction = get_object_or_404(Transaction, id=transaction_id)
--- a/app/templates/import_app/fragments/profiles/list_presets.html
+++ b/app/templates/import_app/fragments/profiles/list_presets.html
@@ -20,7 +20,7 @@
  {% for preset in presets %}
    <a class="text-decoration-none"
       role="button"
-       hx-get="{% url 'import_profiles_add' %}"
+       hx-post="{% url 'import_profiles_add' %}"
       hx-vals='{"yaml_config": {{ preset.config }}, "name": "{{ preset.name }}", "version": "{{ preset.schema_version }}", "message": {{ preset.message }}}'
       hx-target="#generic-offcanvas">
--- a/app/templates/layouts/base.html
+++ b/app/templates/layouts/base.html
@@ -28,7 +28,8 @@
  <body class="font-monospace">
    <div _="install hide_amounts
            install htmx_error_handler
-           {% block body_hyperscript %}{% endblock %}">
+           {% block body_hyperscript %}{% endblock %}"
          hx-headers='{"X-CSRFToken": "{{ csrf_token }}"}'>
      {% include 'includes/navbar.html' %}
      <div id="content">