Skip to content

Latest commit

 

History

History
282 lines (191 loc) · 9.03 KB

README.rst

File metadata and controls

282 lines (191 loc) · 9.03 KB

Open Forms Client (for Django)

Version:0.4.0
Source:https://github.com/open-formulieren/open-forms-client-django
Keywords:Open Forms, Client, Django
PythonVersion:3.9 - 3.11
DjangoVersion:3.2 - 4.0

Build status Code quality checks black Coverage status

python-versions django-versions pypi-version

About

Easily integrate Open Forms in your Django application. There are 3 main features:

  1. Configuration to connect to Open Forms is added to your Django admin.
  2. By adding an OpenFormsField in any Django model, you get a list of forms in Open Forms to choose from in the Django admin or other Django forms.
  3. You get templatetags to render an Open Forms form in your webpage.

If you have Sentry installed and you enable Sentry in the Django admin configuration page, it will use your existing configuration to connect to Sentry.

Ordered dashboard with dropdown menu. Ordered dashboard with dropdown menu. Ordered dashboard with dropdown menu.

Installation

Requirements

  • Python 3.9 or newer
  • Django 3.2 or newer

Install

You can install Open Forms Client either via the Python Package Index (PyPI) or from source.

To install using pip:

pip install django-open-forms-client

Usage

To use this with your project you need to follow these steps:

  1. Add open_forms_client to INSTALLED_APPS in your Django project's settings.py:

    INSTALLED_APPS = (
        # ...,
        "openformsclient",
    )
  2. Add an OpenFormsField to your relevant models (like a Page model):

    from openformsclient.models import OpenFormsField
    
    class Page(models.Model):
        # ...
        form = OpenFormsSlugField(blank=True)

    There is also a OpenFormsUUIDField that stores the UUID of the form instead of the "slug". This is more precise but if someone replaces a form in Open Forms, the UUID will change but the slug might remain the same.

  3. Add the templatetags {% openforms_sdk_media %} and {% openforms_form page.form %} to your templates, to render an Open Forms form:

    {% load openforms %}
    <!-- Optional to render Open Forms in the proper language -->
    <html lang="nl">
    <head>
        <!-- Required for icons used by Open Forms -->
        <meta charset="utf-8">
    
        {% openforms_sdk_media %}
    </head>
    <body>
    
    {% if page.form %}
        {% openforms_form page.form %}
    {% else %}
        <p>This page has no form</p>
    {% endif %}
    
    </body>
    </html>
  4. Configure your Open Forms connection and settings in the admin, under Open Forms client configuration. Once the status field shows a green icon, your configuration is working.

  5. Done.

Templatetags

There are 4 templatetags available with several parameters. All parameters translate to Open Forms SDK parameters.

{% load openforms %}
{% openforms_form form_id csp_nonce base_path lang html_id %}
{% openforms_sdk_media %}
{% openforms_sdk_js %}
{% openforms_sdk_css %}

Gotcha's

Open Forms configuration

Note that these are not settings in your own webapplication but they should be set correctly in the Open Forms installation.

  • ALLOWED_HOSTS contains your domain name.
  • CSRF_TRUSTED_ORIGINS contains your domain name.
  • CSRF_COOKIE_SAMESITE should be "none".

CSP headers

When your webapplication uses CSP headers you need to pass the csp_nonce to the openforms_form templatetag as well. If you use Django-CSP you can do this:

{% load openforms %}
{% openforms_form page.form csp_nonce=request.csp_nonce %}

Additionally, you need to allow your webapplication to load styles and scripts from the Open Forms SDK and connect to the Open Forms API. When using Django-CSP some options need to be changed in your settings.py:

# The Open Forms SDK files might differ from the API domain. Note that this
# the same domain as configured in the Open Forms configuration model. You
# might do something smart to use that value here.
OPEN_FORMS_API_DOMAIN = "forms.example.com"
OPEN_FORMS_SDK_DOMAIN = OPEN_FORMS_API_DOMAIN

# Allow your webapp to load styles from Open Forms SDK.
CSP_STYLE_SRC = ("'self'", OPEN_FORMS_SDK_DOMAIN)

# Allow your webapp to load script from Open Forms SDK.
CSP_SCRIPT_SRC = ("'self'", OPEN_FORMS_SDK_DOMAIN)

# Allow your webapp to load images from Open Forms SDK.
CSP_IMG_SRC = ("'self'", OPEN_FORMS_SDK_DOMAIN)

# Allow your webapp to load fonts from Open Forms SDK.
CSP_FONT_SRC = ("'self'", OPEN_FORMS_SDK_DOMAIN)

# Allow your webapp to connect to the Open Forms API.
CSP_CONNECT_SRC = ("'self'", OPEN_FORMS_API_DOMAIN)

Make page refreshes work

The URL changes when you start a form, indicating the step you are currently on. Refreshing the page will result in a HTTP 404 because this URL does not actually exist. You need to catch these URL-patterns and redirect the user back to the form. You can so like this:

# urls.py

# The view thats starts the form
path("page/<slug:slug>", PageView.as_view(), name="page"),
# Whenever you refresh the page that has the form, the URL might be changed
# and needs to redirect the user to the start of the form.
path("page/<slug:slug>/<path:rest>", PageView.as_view()),

Form shows a CSRF error

This can have many reasons because by default, you typically don't want cross-site requests. The whole point of this client however, is to allow cross-site requests from your website to Open Forms.

Make sure your (not Open Forms) SECURE_REFERER_POLICY Django setting is set to origin-when-cross-origin or less strict. In Django 3.1 this was made more strict by default.

If this is set correctly and you still get this error, see above settings if your Open Forms installation was correctly configured.

Form won't start

If you can see the form startpage but when you click "start" it doesn't do anything (or you see a CSRF error in your browser log), you are most likely logged in to Open Forms as admin user. Log out of Open Forms or use incognito mode to start the form.

This is a known issue.

Licence

Copyright © Maykin Media B.V., 2022

Licensed under the MIT.