Disallow GET requests on /new.

Having a GET request create a new object in the DB violates the spirit of HTTP.
zopefoundation · Sep 4, 2008 · e092a59 · e092a59
1 parent f0f2fd7
commit e092a59
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 12 deletions.
diff --git a/src/keas/kmi/README.txt b/src/keas/kmi/README.txt
@@ -216,7 +216,7 @@ So let's have a look at the call:
   >>> from zope.publisher.browser import TestRequest
 
   >>> request = TestRequest()
-  >>> request.method = 'GET'
+  >>> request.method = 'POST'
 
   >>> newCall = rest.NewView(keys, request)
   >>> key3 = newCall()
@@ -225,14 +225,6 @@ So let's have a look at the call:
   ...
   -----END RSA PRIVATE KEY-----
 
-You can also use post for the new key:
-
-  >>> request.method = 'POST'
-  >>> print newCall()
-  -----BEGIN RSA PRIVATE KEY-----
-  ...
-  -----END RSA PRIVATE KEY-----
-
 The key is available in the facility of course:
 
   >>> hash = md5.new()

diff --git a/src/keas/kmi/rest.py b/src/keas/kmi/rest.py
@@ -28,12 +28,10 @@ def __call__(self):
 
 class NewView(RestView):
 
-    def GET(self):
+    def POST(self):
         self.request.response.setHeader('content-type', 'text/plain')
         return self.context.generate()
 
-    POST = GET
-
 class KeyView(RestView):
 
     def POST(self):