...

NorahUniversity/settings.py

@@ -25,7 +25,7 @@ SECRET_KEY = 'django-insecure-_!ew&)1&r--3h17knd27^x8(xu(&-f4q3%x543lv5vx2!784s*
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
 
-ALLOWED_HOSTS = []
+ALLOWED_HOSTS = ["*"]
 
 # Application definition
 

NorahUniversity/urls.py

@@ -16,15 +16,23 @@ urlpatterns = [
     path('admin/', admin.site.urls),
     path('api/', include(router.urls)),
     path('accounts/', include('allauth.urls')),
-    path('i18n/', include('django.conf.urls.i18n')), 
+    path('i18n/', include('django.conf.urls.i18n')),
     path('summernote/', include('django_summernote.urls')),
+    # path('', include('recruitment.urls')),
+    path('<int:template_id>/', views.form_wizard_view, name='form_wizard'),
+    path('<int:template_id>/submit/', views.submit_form, name='submit_form'),
+
+    path('api/templates/', views.list_form_templates, name='list_form_templates'),
+    path('api/templates/save/', views.save_form_template, name='save_form_template'),
+    path('api/templates/<int:template_id>/', views.load_form_template, name='load_form_template'),
+    path('api/templates/<int:template_id>/delete/', views.delete_form_template, name='delete_form_template'),
 ]
 
-# 2. URLs that DO have a language prefix (user-facing views)
-# This includes the root path (''), which is handled by 'recruitment.urls'
 urlpatterns += i18n_patterns(
     path('', include('recruitment.urls')),
 )
+# 2. URLs that DO have a language prefix (user-facing views)
+# This includes the root path (''), which is handled by 'recruitment.urls'
 
 urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
 urlpatterns += static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)

recruitment/urls.py

@@ -64,15 +64,11 @@ urlpatterns = [
     path('forms/', views.form_templates_list, name='form_templates_list'),
     path('forms/create-template/', views.create_form_template, name='create_form_template'),
 
-    path('forms/form/<int:template_id>/', views.form_wizard_view, name='form_wizard'),
-    path('forms/form/<int:template_id>/submit/', views.submit_form, name='submit_form'),
-    path('forms/<int:form_id>/submissions/<int:s>/', views.form_submission_details, name='form_submission_details'),
+    # path('forms/form/<int:template_id>/submit/', views.submit_form, name='submit_form'),
+    # path('forms/form/<int:template_id>/', views.form_wizard_view, name='form_wizard'),
+    path('forms/<int:form_id>/submissions/<int:slug>/', views.form_submission_details, name='form_submission_details'),
     path('forms/template/<slug:slug>/submissions/', views.form_template_submissions_list, name='form_template_submissions_list'),
 
-    path('api/templates/', views.list_form_templates, name='list_form_templates'),
-    path('api/templates/save/', views.save_form_template, name='save_form_template'),
-    path('api/templates/<int:template_id>/', views.load_form_template, name='load_form_template'),
-    path('api/templates/<int:template_id>/delete/', views.delete_form_template, name='delete_form_template'),
     # path('forms/<int:form_id>/', views.form_preview, name='form_preview'),
     # path('forms/<int:form_id>/submit/', views.form_submit, name='form_submit'),
     # path('forms/<int:form_id>/embed/', views.form_embed, name='form_embed'),

recruitment/views.py

@@ -33,6 +33,7 @@ from .utils import (
     get_available_time_slots,
 )
 from django.views.decorators.csrf import ensure_csrf_cookie
+from django.views.decorators.http import require_POST
 from .models import (
     FormTemplate,
     FormStage,
@@ -844,10 +845,14 @@ def form_wizard_view(request, template_id):
     )
 
 
-@require_http_methods(["GET", "POST"])
+@require_POST
 def submit_form(request, template_id):
     """Handle form submission"""
-    print("request method", request.method)
+    print(f"Request method: {request}")
+    print(f"CSRF token in POST: {'csrfmiddlewaretoken' in request.POST}")
+    print(f"CSRF token value: {request.POST.get('csrfmiddlewaretoken', 'NOT FOUND')}")
+    print(f"POST data: {request.POST}")
+    print(f"FILES data: {request.FILES}")
     if request.method == "POST":
         try:
             template = get_object_or_404(FormTemplate, id=template_id)

templates/forms/form_wizard.html

@@ -876,11 +876,10 @@
                     }
 
                     const formData = new FormData();
+
+                    // Add CSRF token as a form field (CRITICAL FIX)
                     formData.append('csrfmiddlewaretoken', csrfToken);
-                    // Add applicant info
-                    //formData.append('applicant_name', state.formData.applicant_name || '');
-                    //formData.append('applicant_email', state.formData.applicant_email || '');
-                    console.log(state.formData)
+
                     // Add field responses
                     state.stages.forEach(stage => {
                         stage.fields.forEach(field => {
@@ -898,22 +897,35 @@
                     });
 
                     try {
-                        const response = await fetch(`/forms/form/${state.templateId}/submit/`, {
+                        const response = await fetch(`/${state.templateId}/submit/`, {
                             method: 'POST',
                             body: formData
+                            // IMPORTANT: Do NOT set Content-Type header when using FormData
+                            // Do NOT set X-CSRFToken header when using csrfmiddlewaretoken in form data
                         });
 
-                        const result = await response.json();
+                        // Check if response is OK
+                        if (!response.ok) {
+                            throw new Error(`HTTP error! status: ${response.status}`);
+                        }
 
+                        const result = await response.json();
                         if (result.success) {
                             alert('Application submitted successfully! Thank you for your submission.');
-                            window.location.href = '/templates/'; // Redirect to templates list
+                            window.location.href = '/applications/'; // Redirect to applications list
                         } else {
-                            alert('Error submitting form: ' + result.error);
+                            alert('Error submitting form: ' + (result.error || 'Unknown error'));
                         }
                     } catch (error) {
-                        console.error('Error:', error);
-                        alert('Error submitting form. Please try again.');
+                        console.error('Submission error:', error);
+                        // Try to get response text for debugging
+                        try {
+                            const errorText = await response.text();
+                            console.error('Response text:', errorText);
+                            alert('Error submitting form. Server response: ' + errorText);
+                        } catch (e) {
+                            alert('Error submitting form: ' + error.message);
+                        }
                     }
                 }
 
@@ -953,7 +965,7 @@
                     elements.nextBtn.style.display = 'flex';
                     elements.nextBtn.textContent = state.currentStage === state.stages.length - 1 ?
                        'Preview' :
-            'Next'
+                        'Next'
                 }
 
                 function createFieldElement(field) {