Login

prevent GET or POST requests

Author:
jerzyk
Posted:
December 11, 2007
Language:
Python
Version:
.96
Tags:
view request post
Score:
-2 (after 6 ratings)

This will return HTTP 405 if request was not POSTed. same way you can forbide POST request, change 'POST' to 'GET'

Decorators provided for your convenience.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
from django.http import HttpResponseNotAllowed

def my_view(request):
    if request.method != 'POST':
        return HttpResponseNotAllowed('Only POST here')


# decorators
def post_only(func):
    def decorated(request, *args, **kwargs):
        if request.method != 'POST':
            return HttpResponseNotAllowed('Only POST here')
        return func(request, *args, **kwargs)
    return decorated

def get_only(func):
    def decorated(request, *args, **kwargs):
        if request.method != 'GET':
            return HttpResponseNotAllowed('Only GET here')
        return func(request, *args, **kwargs)
    return decorated
    

More like this

Comments

jerzyk (on December 11, 2007):
<p>django has it's own decorators from django.views.decorators.http import require_http_methods, require_GET, require_POST</p>

#

Please login first before commenting.