I am facing an error in Odoo v 10 with the contact form, when I press the send button it gives an exception:
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/odoo/addons/base/ir/ir_http.py", line 195, in _dispatch result = request.dispatch()
File "/usr/lib/python2.7/dist-packages/odoo/http.py", line 823, in dispatch raise werkzeug.exceptions.BadRequest('Session expired (invalid CSRF token)')
BadRequest: 400: Bad Request
If I add the code to load the CSRF token suggested in an issue of their Github to the form:
<input type="hidden" name="csrf_token" t-att-value="request.csrf_token()"/>
It leads me to a new blank page showing the word false.
In the "Web layout" I have the next javascript code:
<script type="text/javascript">
var odoo = {
csrf_token: "<t t-esc="request.csrf_token(None)"/>",
};
</script>
I don't know if this code was manually added or it came with Odoo by default because this is an inherited installation.
The "Contact us" block is configured with the Send an Email action and a valid Recipient email, the Thank You Page works.
This is the final code after adding the block (without the CSRF hidden input):
<section class="as-contact-us" style="background-image: url(/theme_laze/static/src/img/our-work.jpg)">
<div class="container">
... Company description elements ...
<div class="col-md-8">
<form action="/website_form/crm.lead" method="post" data-model_name="mail.mail" data-success_page="/page/website_crm.contactus_thanks" class="s_website_form form-horizontal container-fluid mt32" enctype="multipart/form-data">
<div class="ascu-form">
<div class="row">
<div class="col-md-6">
<input class="form-control o_website_form_input" name="contact_name" required="" placeholder="Your Name*" type="text"/>
</div>
<div class="col-md-6">
<input class="form-control o_website_form_input" name="email_from" required="" placeholder="Your Email*" type="text"/>
</div>
</div>
<div class="row">
<div class="col-md-12">
<textarea class="form-control o_website_form_input" name="description" required="" placeholder="Message*"/>
</div>
<div class="col-md-12">
<input type="hidden" name="csrf_token" t-att-value="request.csrf_token()"/>
<button class="creative-btn1 o_default_snippet_text">Send</button>
</div>
</div>
</div>
<input class="form-field" name="email_to" value="[email protected]" type="hidden"/>
</form>
</div>
... Div closures ...
</div>
</section>
Does somebody know where is the problem?
I wouldn't like to deactivate the CSRF protection.
