Search code examples
pythondjangopinax

I am learning django, when I use Pinax Likes, there is a 405 error


Django 2.2.1

When I use Pinax Likes(https://github.com/pinax/pinax-likes), there is a 405 error.

The steps are as follows:

  • pip3 install pinax-likes

  • Added 'pinax.likes', to the project's settings.py file, then added:

PINAX_LIKES_LIKABLE_MODELS = {
    "app.Post": {}
}
  • Added
re_path(r'^likes/', include(('pinax.likes.urls', 'pinax_likes'), namespace='pinax_likes')),

to the project's urls.py file,

  • Download the files in the https://github.com/pinax/pinax-templates/tree/master/pinax/templates/templates/pinax/likes,

put these html files in /home/www/venv/templates/pinax/likes/,

  • Added
{% load pinax_likes_tags %}
{% likes_widget request.user post %}

to the post.html file,

The console displays the following information:

Method Not Allowed (GET): /likes/like/14:13/ Method Not Allowed: /likes/like/14:13/ [29/May/2019 10:00:00] "GET /likes/like/14:13/ HTTP/1.1" 405 0

  • Then i added <script src="{% static 'eldarion-ajax.min.js' %}"></script> in base.html,

After clicked the icon, the console displays the following information:

Forbidden (CSRF token missing or incorrect.): /likes/like/14:13/ [29/May/2019 10:01:31] "POST /likes/like/14:13/ HTTP/1.1" 403 2513

What are the steps wrong? Thank you!


Solution

  • I don't see how pinax-likes widget can actually work with the current code. It's broken. I see you opened an issue, if someone is still actively maintaining it they might fix it. Or you could fix it and propose a pull request.

    There are two problems with the {% likes_widget %}:

    1. It cannot work without ajax, because it's just an link, i.e. it will send a GET request to your view. But the view expects a POST request, which is logical, since liking makes a change to the database and so it should be a POST. Therefore, without ajax, the view throws a 405 error.

    2. It uses eldarion-ajax to make the ajax POST request, but since again it's just a a.click event, it won't post any data, i.e. it doesn't post the CSRF token. The view won't allow the missing token (it doesn't have the @csrf_exempt decorator), so it throws a 403 error.

    Now the only way I see around this is to write your own HTML and/or ajax and not use the likes_widget.

    1. You can wrap the like button in a form and replace the like button with a <button> that submits the form (instead of an <a> tag). This way, you can include the {% csrf_token %} tag in the form and the post will work. This will refresh the page.

    2. You can write your own ajax call to handle a click on the like button and post to the same view and include the csrftoken in the data posted.

    This is fairly simple to implement, you can use the existing pinax like view, so it's only a change in your HTML template.