
Commit ef38353

committed
Fix OPTIONS responses:
Remove all HEAD methods as they return errors. Do not advertise writable method for class/id/properties path if property is read only (i.e. protected prop). Collections do not have PUT, PATCH, DELETE (delete is accepted but always returns 400 code).
1 parent 1eea695 commit ef38353


1 file changed

+28
-5
lines changed


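--- a/roundup/rest.py
+++ b/roundup/rest.py
@@ -1305,6 +1305,10 @@ def options_collection(self, class_name, input):
 """
 if class_name not in self.db.classes:
 raise NotFound('Class %s not found' % class_name)
+self.client.setHeader(
+"Allow",
+"OPTIONS, GET, POST"
+)
 return 204, ""
 
 @Routing.route("/data/<:class_name>/<:item_id>", 'OPTIONS')
@@ -1322,6 +1326,10 @@ def options_element(self, class_name, item_id, input):
 "Accept-Patch",
 "application/x-www-form-urlencoded, multipart/form-data"
 )
+self.client.setHeader(
+"Allow",
+"OPTIONS, GET, PUT, DELETE, PATCH"
+)
 return 204, ""
 
 @Routing.route("/data/<:class_name>/<:item_id>/<:attr_name>", 'OPTIONS')
@@ -1335,10 +1343,25 @@ def option_attribute(self, class_name, item_id, attr_name, input):
 """
 if class_name not in self.db.classes:
 raise NotFound('Class %s not found' % class_name)
-self.client.setHeader(
-"Accept-Patch",
-"application/x-www-form-urlencoded, multipart/form-data"
-)
+class_obj = self.db.getclass(class_name)
+if attr_name in class_obj.getprops(protected=False):
+self.client.setHeader(
+"Accept-Patch",
+"application/x-www-form-urlencoded, multipart/form-data"
+)
+self.client.setHeader(
+"Allow",
+"OPTIONS, GET, PUT, DELETE, PATCH"
+)
+elif attr_name in class_obj.getprops(protected=True):
+# It must match a protected prop. These can't be written.
+self.client.setHeader(
+"Allow",
+"OPTIONS, GET"
+)
+else:
+raise NotFound('Attribute %s not valid for Class %s' %(
+attr_name,class_name))
 return 204, ""
 
 @Routing.route("/")
@@ -1504,7 +1527,7 @@ def dispatch(self, method, uri, input):
 )
 self.client.setHeader(
 "Allow",
-"HEAD, OPTIONS, GET, POST, PUT, DELETE, PATCH"
+"OPTIONS, GET, POST, PUT, DELETE, PATCH"
 )
 self.client.setHeader(
 "Access-Control-Allow-Methods",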
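Review bot: The per-route OPTIONS handlers narrow only `Allow`, while a browser's CORS preflight decision is taken from `Access-Control-Allow-Methods`, which dispatch() sets in the lines right after its own `Allow` header (the value is outside this hunk). If that value is still the global list, a preflight for a protected property or a collection will keep advertising PUT, DELETE and PATCH (and possibly HEAD) even though `Allow` now says `OPTIONS, GET`. Consider setting both headers together in each branch of option_attribute, e.g. `self.client.setHeader("Access-Control-Allow-Methods", "OPTIONS, GET")` next to the protected-property `Allow`, and likewise in options_collection and options_element. This assumes a setHeader call in the handler replaces the value written by dispatch(), which is not visible here; all four function bodies start outside their hunks.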
