我在flask应用程序中的一个端点为每个请求返回400,我完全不知道为什么。
有人能帮我理解这个问题吗?此外,有没有任何工具可以调试烧瓶中的400条消息?
这是请求cURL:
curl --location --request POST 'https://vegaz.bet/api/tibiacoin/confirmation'
--header 'Authorization: Bearer token_here'
--header 'Content-Type: application/json'
--header 'Cookie: session_cookie_here'
--data-raw '{
"id": "620ef8bafb429c69efca3546",
"amount": 25,
"status": "OK",
"character": "Denis Santos"
}'
这就是终点:
@api_blueprint.route("/tibiacoin/confirmation", methods=["POST"])
def tibicoin_withdrawal_confirmation():
validate headers
auth_token = request.headers.get("Authorization")
if auth_token != "Bearer " + os.environ["TOKEN"]:
response_dict = {"status": False}
return jsonify(response_dict)
content = request.get_json()
withdrawal_id = content["id"]
withdrawal_status = content["status"]
if withdrawal_status == "OK":
withdrawal_object = TibiaWithdrawal.objects(pk=withdrawal_id)[0]
withdrawal_object.is_processed = True
withdrawal_object.save()
response_dict = {"status": True}
return jsonify(response_dict)
刚刚发现,我使用了来自烧瓶WTForms的CRSF保护。由于这个特定的端点是API端点,我需要通过向视图添加以下代码来删除保护:
from app import csrf
@api_blueprint.route("/tibiacoin/confirmation", methods=["POST"])
@csrf.exempt
def tibicoin_withdrawal_confirmation():
...