#sqladmin and csrf hanging on model creation

1 messages · Page 1 of 1 (latest)

wind goblet Sep 27, 2024, 7:38 PM

Hello

I'm experiencing an issue using SQLAdminPlugin with CSRF protection. By default SQLAdmin forms do not have _csrf_token included. I added exclude /adm* into CSRFConfig but this results into infinite loading after attempt to create a model from admin (on a GET request somehow). Other endpoints strangely work (DELETE an entity for example)

The request on model creation just hangs forever.

csrf_config = CSRFConfig(secret=settings.server.SECRET_KEY, exclude=["/adm*"])

admin = SQLAdminPlugin(
    views=[UserAdmin, DecisionsAdmin],
    engine=settings.db.get_engine(),
    base_url="/adm",
)

wind goblet Sep 28, 2024, 6:59 AM

reproduction: just trying to create a User model from /admin

engine = create_async_engine("sqlite+aiosqlite:///example.db")
Base = declarative_base()


class User(Base):
    __tablename__ = "users"

    id = Column(Integer, primary_key=True)
    name = Column(String)


class UserAdmin(ModelView, model=User):
    column_list = [User.id, User.name]


async def on_startup() -> None:
    async with engine.begin() as conn:
        await conn.run_sync(Base.metadata.create_all)  # Create tables


admin = SQLAdminPlugin(views=[UserAdmin], engine=engine)
csrf_config = CSRFConfig(secret="abc", exclude=["/admin*"])


def create_app() -> Litestar:
    return Litestar(
        on_startup=[on_startup],
        plugins=[
            alchemy,
            granian,
            admin,
        ],
        csrf_config=csrf_config,
    )

app = create_app()