summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan McGee <dan@archlinux.org>2013-04-17 03:16:06 +0200
committerDan McGee <dan@archlinux.org>2013-04-17 03:16:06 +0200
commit283cd944beefce8e364f238f25133e2d65b7702b (patch)
treea394db9c8e216e63e0f76001ce269b0e715a5587
parent4fd50fa622b13ecc5104919c0e7ed51f64734d92 (diff)
downloadarchweb-283cd944beefce8e364f238f25133e2d65b7702b.tar.gz
archweb-283cd944beefce8e364f238f25133e2d65b7702b.tar.xz
Use require_safe decorator rather than require_GET
This was added in Django 1.4, and ensures both GET and HEAD requests, but not POST requests, are allowed through. Signed-off-by: Dan McGee <dan@archlinux.org>
-rw-r--r--packages/views/__init__.py6
1 files changed, 3 insertions, 3 deletions
diff --git a/packages/views/__init__.py b/packages/views/__init__.py
index 4c19538..c1f0f49 100644
--- a/packages/views/__init__.py
+++ b/packages/views/__init__.py
@@ -9,7 +9,7 @@ from django.db.models import Q
from django.http import HttpResponse
from django.shortcuts import redirect, render
from django.views.decorators.cache import cache_control
-from django.views.decorators.http import require_GET, require_POST
+from django.views.decorators.http import require_safe, require_POST
from main.models import Package, Arch
from ..models import PackageRelation
@@ -24,7 +24,7 @@ from .search import search_json
from .signoff import signoffs, signoff_package, signoff_options, signoffs_json
-@require_GET
+@require_safe
@cache_control(public=True, max_age=86400)
def opensearch(request):
if request.is_secure():
@@ -37,7 +37,7 @@ def opensearch(request):
content_type='application/opensearchdescription+xml')
-@require_GET
+@require_safe
@cache_control(public=True, max_age=300)
def opensearch_suggest(request):
search_term = request.GET.get('q', '')