#15637: Add a require_safe decorator for views to accept GET or HEAD
---------------------------+---------------------------
 Reporter:  aaugustin      |         Owner:  nobody
   Status:  new            |     Milestone:
Component:  HTTP handling  |       Version:  SVN
 Keywords:                 |  Triage Stage:  Unreviewed
Has patch:  0              |
---------------------------+---------------------------
 It is a good practice to reject POST requests on views that are not
 intended to process them. Django provides the require_GET decorator for
 this purpose.

 Although browsers only implement GET and POST methods, other software such
 as link checkers uses HEAD requests. Views protected by require_GET will
 (obviously) reject such requests with "405 Method Not Allowed". I've
 encountered the problem with the "Check My Links" extension for Google
 Chrome.

 However, RFC2616 says that "The HEAD method is identical to GET except
 that the server MUST NOT return a message-body in the response." Django
 already enforces this behavior by stripping the body of the responses to
 HEAD requests. So I think that in most cases, it makes more sense to
 accept GET and HEAD than only GET.

 That is why I'm proposing a "require_safe" decorator for this purpose.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/15637>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
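
The behaviour the ticket describes, as an added sketch that is not part of the original message and is not Django's own code: a GET-only decorator answers HEAD with 405, while a decorator that accepts GET and HEAD lets the request through and the body is stripped afterwards. `Request`, `Response`, `require_methods`, `strip_head_body` and `handle` are constructed stand-ins for the framework, assumed here so the example runs without Django.

```python
from functools import wraps

class Request:  # constructed stand-in for the framework's request object
    def __init__(self, method):
        self.method = method

class Response:  # constructed stand-in for the framework's response object
    def __init__(self, body=b"", status=200, headers=None):
        self.body, self.status = body, status
        self.headers = headers or {}

def require_methods(allowed):
    """Hypothetical helper: answer 405 unless request.method is in `allowed`."""
    allowed = sorted(allowed)
    def decorator(view):
        @wraps(view)
        def wrapper(request, *args, **kwargs):
            if request.method not in allowed:
                # RFC 2616 requires a 405 response to list the permitted methods.
                return Response(status=405, headers={"Allow": ", ".join(allowed)})
            return view(request, *args, **kwargs)
        return wrapper
    return decorator

require_GET = require_methods(["GET"])            # current behaviour
require_safe = require_methods(["GET", "HEAD"])   # behaviour proposed in the ticket

def strip_head_body(request, response):
    """Mimic the step the ticket mentions: no message-body on HEAD responses."""
    if request.method == "HEAD":
        response.body = b""
    return response

def handle(view, method):
    """Run one request of the given method through the view, then the HEAD step."""
    request = Request(method)
    return strip_head_body(request, view(request))

def page(request):
    return Response(b"<a href='/next'>next</a>")  # constructed sample page

get_only = require_GET(page)
safe = require_safe(page)

if __name__ == "__main__":
    for m in ("GET", "HEAD", "POST"):
        print(m, handle(get_only, m).status, handle(safe, m).status)
```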
