Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
use new onlyAllow() method in baked code, to ensure 405 responses hav…
…e required Allow header included
- Loading branch information
Showing
2 changed files
with
11 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
27d83ee
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure this is a good change. data can be empty but still be a POST request
27d83ee
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Moreover, those methods also accept GET so it would be inaccurate to respond to browser that method only accepts POST
27d83ee
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah, the delete method makes sense, but the rest is debatable.
27d83ee
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
propose to partial remove and keep in delete: cc92717
27d83ee
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ceeram: i guess you could first check on valid post/delete before actually checking for exists() in the db on delete. so the initial order was good for me.
27d83ee
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I dont agree, if you get methodnotallowed then change method to same uri suddenly you could get 404
if the resource does not exist, your should always get 404, and only get 405 when it exists but wrong method
27d83ee
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ceeram I think the change in cc92717 is a good compromise that better communicates how delete() methods should be used, and doesn't tell half truths for add() and edit().
27d83ee
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cherry-picked the commit to 2.3: abe74ad