lazr.restful

Merge lp:~leonardr/lazr.restful/ignore-x-http-method-override-on-non-post into lp:lazr.restful

  1. ignore-x-http-method-override-on-non-post
  2. Merge into trunk
Proposed by Leonard Richardson
Status: Merged
Approved by: Tim Penhey
Approved revision: 160
Merged at revision: 159
Proposed branch: lp:~leonardr/lazr.restful/ignore-x-http-method-override-on-non-post
Merge into: lp:lazr.restful
Diff against target: 130 lines (+30/-30)
3 files modified
src/lazr/restful/NEWS.txt (+5/-2)
src/lazr/restful/_resource.py (+8/-22)
src/lazr/restful/example/base/tests/entry.txt (+17/-6)
To merge this branch: bzr merge lp:~leonardr/lazr.restful/ignore-x-http-method-override-on-non-post
Reviewer Review Type Date Requested Status
Tim Penhey (community) Approve
Review via email: mp+46794@code.launchpad.net

Description of the change

This branch fixes bug 423149 by ignoring the X-HTTP-Method-Override header unless the incoming request is a POST request. See that bug for analysis.

To post a comment you must log in.
lp:~leonardr/lazr.restful/ignore-x-http-method-override-on-non-post updated
160. By Leonard Richardson

Merge from trunk.

Revision history for this message
Tim Penhey (thumper) wrote :

Looks good to me.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'src/lazr/restful/NEWS.txt'
2--- src/lazr/restful/NEWS.txt 2011-01-17 23:51:16 +0000
3+++ src/lazr/restful/NEWS.txt 2011-01-19 18:29:09 +0000
4@@ -2,12 +2,15 @@
5 NEWS for lazr.restful
6 =====================
7
8-Unreleased
9-==========
10+0.15.1 (2010-01-19)
11+===================
12
13 Fixed a redirect bug when a web browser requests a representation
14 other than JSON.
15
16+Removed overzealous error checking that was causing problems for
17+browsers such as Chromium. (Launchpad bug 423149.)
18+
19 0.15.0 (2010-11-30)
20 ===================
21
22
23=== modified file 'src/lazr/restful/_resource.py'
24--- src/lazr/restful/_resource.py 2010-10-25 16:31:09 +0000
25+++ src/lazr/restful/_resource.py 2011-01-19 18:29:09 +0000
26@@ -216,9 +216,6 @@
27 # A preparsed template file for WADL representations of resources.
28 WADL_TEMPLATE = LazrPageTemplateFile('templates/wadl-resource.pt')
29
30- HTTP_METHOD_OVERRIDE_ERROR = ("X-HTTP-Method-Override can only be used "
31- "with a POST request.")
32-
33 # All resources serve WADL and JSON representations. Only entry
34 # resources serve XHTML representations.
35 SUPPORTED_CONTENT_TYPES = [WADL_TYPE, DEPRECATED_WADL_TYPE, JSON_TYPE]
36@@ -238,20 +235,15 @@
37 This is usually the actual HTTP method, but it might be
38 overridden by a value for X-HTTP-Method-Override.
39
40- :return: None if the valid for X-HTTP-Method-Override is invalid.
41- Otherwise, the HTTP method to use.
42+ :return: The HTTP method to use.
43 """
44 if request == None:
45 request = self.request
46 override = request.headers.get('X-HTTP-Method-Override')
47- if override is not None:
48- if request.method == 'POST':
49- return override
50- else:
51- # XHMO should not be used unless the underlying method
52- # is POST.
53- self.request.response.setStatus(400)
54- return None
55+ if override is not None and request.method == 'POST':
56+ # POST is the only HTTP method for which we respect
57+ # X-HTTP-Method-Override.
58+ return override
59 return request.method
60
61 def handleConditionalGET(self):
62@@ -863,9 +855,7 @@
63 """Handle a GET or (if implemented) POST request."""
64 result = ""
65 method = self.getRequestMethod()
66- if method is None:
67- result = self.HTTP_METHOD_OVERRIDE_ERROR
68- elif method == "GET":
69+ if method == "GET":
70 result = self.do_GET()
71 elif method == "POST" and self.implementsPOST():
72 result = self.do_POST()
73@@ -893,9 +883,7 @@
74 result = ""
75 method = self.getRequestMethod()
76 try:
77- if method is None:
78- result = self.HTTP_METHOD_OVERRIDE_ERROR
79- elif method == "GET":
80+ if method == "GET":
81 result = self.do_GET()
82 elif method in ["PUT", "PATCH"]:
83 media_type = self.handleConditionalWrite()
84@@ -1799,9 +1787,7 @@
85 def __call__(self, REQUEST=None):
86 """Handle a GET request."""
87 method = self.getRequestMethod(REQUEST)
88- if method is None:
89- result = self.HTTP_METHOD_OVERRIDE_ERROR
90- elif method == "GET":
91+ if method == "GET":
92 result = self.do_GET()
93 else:
94 REQUEST.response.setStatus(405)
95
96=== modified file 'src/lazr/restful/example/base/tests/entry.txt'
97--- src/lazr/restful/example/base/tests/entry.txt 2010-10-25 16:31:09 +0000
98+++ src/lazr/restful/example/base/tests/entry.txt 2011-01-19 18:29:09 +0000
99@@ -404,14 +404,25 @@
100 HTTP/1.1 209 Content Returned
101 ...
102
103-If you try to use X-HTTP-Method-Override when the underlying HTTP
104-method is not POST, you'll get an error.
105+Here, the use of a nonexistent HTTP method causes an error.
106
107 >>> print modify_cookbook('Everyday Greens',
108- ... {}, 'GET', {'X-HTTP-Method-Override' : 'PATCH'})
109- HTTP/1.1 400 Bad Request
110- ...
111- X-HTTP-Method-Override can only be used with a POST request.
112+ ... {'cuisine' : 'General'}, 'POST',
113+ ... {'X-HTTP-Method-Override' : 'NOSUCHMETHOD'})
114+ HTTP/1.1 405 Method Not Allowed
115+ ...
116+
117+X-HTTP-Method-Override is only respected when the underlying HTTP
118+method is POST. If you use X-HTTP-Method-Override with any other HTTP
119+method, your value is ignored. Here, a nonexistent HTTP method is
120+ignored in favor of HTTP GET.
121+
122+ >>> print webservice('/cookbooks/Everyday%20Greens', 'GET',
123+ ... headers={'X-HTTP-Method-Override' : 'NOSUCHMETHOD'})
124+ HTTP/1.1 200 Ok
125+ ...
126+ Content-Type: application/json
127+ ...
128
129 Even if a client supports PATCH, sometimes it's easier to GET a
130 document, modify it, and send it back. If you have the full document

Subscribers

People subscribed via source and target branches