SQLFORM.factory with upload field - the operation is insecure

[Jim S]

I've got an issue that is really puzzling me.

I have a form, SQLFORM.factory with one field, an upload field.

When I click on submit to submit the form (adding a new record), I get a javascript error that flashes by quickly in Firebug.  All I can get from it is that the text says 'the operation is insecure'.

Here is the controller code:

@auth.requires_permission('select', db.helpdesk)
def attachments():
    ticket_id = request.vars['ticketId']
    ticket = db.ticket(ticket_id)


    updateQuery = db.ticket_attachment.ticket==ticket_id


    form = SQLFORM.factory(Field('attachment_file', 'upload', required=True,
                                 uploadfolder='%s/tickets' % (connect_util.getFileLocation('uploads'))),
                           table_name='ticket_attachment', submit_button='Add', formstyle=my_formstyle, ui=grid_ui,
                           formname='attachment_form', _id='attachment_form')


    if form.process(formname='attachment_form').accepted:
        attachment = form.vars.attachment_file
        db.ticket_attachment.insert(ticket=ticket_id, attachment=attachment)


        ticket_notification(ticket_id, 'new tag added',
                            'Tag %s added.' % (helpdesk_tag.tag),
                            log_activity=True)
    else:
        print 'err'

Here is the view

<script type="text/javascript">
    function delete_attachment(ticket_attachment_id) {
        $.ajax({url: "{{=URL('ticket','delete_ticket_attachment',user_signature=True)}}",
                data: {ticket_attachment_id:ticket_attachment_id }})
        .fail(function() {
            alert('There was a problem removing the attachment from this ticket.  Please contact support.');
        })
        .success(function(msg) {
            location.reload();
        });
    }
</script>
<br />
<div class="col-sm-12 col-md-9 col-lg-6">
    {{=form.custom.begin}}
        <div class="col-sm-12" style="margin-bottom: 10px;">
            {{=form.custom.widget.attachment_file}}
            {{=form.custom.submit}}
        </div>
    {{=form.custom.end}}
    <table class="table" style="margin-left: 20px;">
        {{for attachment in ticket_attachments:}}
        <tr>
            <td>
                {{=attachment.attachment}}
            </td>
            {{if can_delete:}}
                <td>
                    <a href="javascript:void(0);" onclick="delete_attachment({{=attachment.ticket_attachment.id}});"><i class="fa fa-trash-o"></i></a>
                </td>
            {{pass}}
        </tr>
        {{pass}}
    </table>
</div>

Any ideas on what may be causing this or how to capture the javascript error?

-Jim

[Cynthia Butler]

Did you find an answer to this? Just curious. Thanks.

[Jim Steil]

Yes.  The issue was that I had it in a loaded component.  That is not supported and doesn't work.  And,  I know better,  I've ran into this before and just forgot about that restriction this time.

Jim

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/NGmfPpUVvds/unsubscribe.
To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Cynthia Butler]

Thank you, very helpful info to me.