|
32 | 32 | basestring = str |
33 | 33 | unicode = str |
34 | 34 |
|
| 35 | +import logging |
| 36 | +logger = logging.getLogger('roundup.rest') |
| 37 | + |
35 | 38 | def _data_decorator(func): |
36 | 39 | """Wrap the returned data into an object.""" |
37 | 40 | def format_object(self, *args, **kwargs): |
@@ -1110,7 +1113,21 @@ def dispatch(self, method, uri, input): |
1110 | 1113 | """format and process the request""" |
1111 | 1114 | # if X-HTTP-Method-Override is set, follow the override method |
1112 | 1115 | headers = self.client.request.headers |
1113 | | - method = headers.getheader('X-HTTP-Method-Override') or method |
| 1116 | + # Never allow GET to be an unsafe operation (i.e. data changing). |
| 1117 | + # User must use POST to "tunnel" DELETE, PUT, OPTIONS etc. |
| 1118 | + override = headers.getheader('X-HTTP-Method-Override') |
| 1119 | + output = None |
| 1120 | + if override: |
| 1121 | + if method.upper() != 'GET': |
| 1122 | + logger.debug( |
| 1123 | + 'Method overridden from %s to %s', method, override) |
| 1124 | + method = override |
| 1125 | + else: |
| 1126 | + output = self.error_obj(400, |
| 1127 | + "X-HTTP-Method-Override: %s can not be used with GET method. Use Post instead." % override) |
| 1128 | + logger.info( |
| 1129 | + 'Ignoring X-HTTP-Method-Override for GET request on %s', |
| 1130 | + uri) |
1114 | 1131 |
|
1115 | 1132 | # parse Accept header and get the content type |
1116 | 1133 | accept_header = parse_accept_header(headers.getheader('Accept')) |
@@ -1154,7 +1171,10 @@ def dispatch(self, method, uri, input): |
1154 | 1171 |
|
1155 | 1172 | # Call the appropriate method |
1156 | 1173 | try: |
1157 | | - output = Routing.execute(self, uri, method, input) |
| 1174 | + # If output was defined by a prior error |
| 1175 | + # condition skip call |
| 1176 | + if not output: |
| 1177 | + output = Routing.execute(self, uri, method, input) |
1158 | 1178 | except NotFound as msg: |
1159 | 1179 | output = self.error_obj(404, msg) |
1160 | 1180 | except Reject as msg: |
|
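Review bot: The guard at new lines 1120-1125 refuses the override only when the incoming method is GET, so every other method, including the safe HEAD, can still be rewritten to DELETE or PUT, although the comment says the user must tunnel through POST. Allowing the override for POST alone would enforce the stated rule: `if method.upper() == 'POST':`, with the 400 branch covering all other methods and its message naming the method that was actually sent. In the second hunk, `if not output:` would be more precise as `if output is None:`, since it tests for "no earlier error" and otherwise relies on error_obj never returning a falsy value. The override string is also passed to the 400 body and the debug log without being checked against a list of known methods; whether Routing.execute rejects unknown names is not visible here. dispatch starts and ends outside both hunks.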