diff options
author | Dan McGee <dan@archlinux.org> | 2013-04-17 03:16:06 +0200 |
---|---|---|
committer | Dan McGee <dan@archlinux.org> | 2013-04-17 03:16:06 +0200 |
commit | 283cd944beefce8e364f238f25133e2d65b7702b (patch) | |
tree | a394db9c8e216e63e0f76001ce269b0e715a5587 | |
parent | 4fd50fa622b13ecc5104919c0e7ed51f64734d92 (diff) | |
download | archweb-283cd944beefce8e364f238f25133e2d65b7702b.tar.gz archweb-283cd944beefce8e364f238f25133e2d65b7702b.tar.xz |
Use require_safe decorator rather than require_GET
This was added in Django 1.4, and ensures both GET and HEAD requests,
but not POST requests, are allowed through.
Signed-off-by: Dan McGee <dan@archlinux.org>
-rw-r--r-- | packages/views/__init__.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/packages/views/__init__.py b/packages/views/__init__.py index 4c19538..c1f0f49 100644 --- a/packages/views/__init__.py +++ b/packages/views/__init__.py @@ -9,7 +9,7 @@ from django.db.models import Q from django.http import HttpResponse from django.shortcuts import redirect, render from django.views.decorators.cache import cache_control -from django.views.decorators.http import require_GET, require_POST +from django.views.decorators.http import require_safe, require_POST from main.models import Package, Arch from ..models import PackageRelation @@ -24,7 +24,7 @@ from .search import search_json from .signoff import signoffs, signoff_package, signoff_options, signoffs_json -@require_GET +@require_safe @cache_control(public=True, max_age=86400) def opensearch(request): if request.is_secure(): @@ -37,7 +37,7 @@ def opensearch(request): content_type='application/opensearchdescription+xml') -@require_GET +@require_safe @cache_control(public=True, max_age=300) def opensearch_suggest(request): search_term = request.GET.get('q', '') |