From 92759c9fef799ba17a9d17df52fd54bf24378dbe Mon Sep 17 00:00:00 2001
From: Joe Schneider <joeschneider@invenshure.com>
Date: Wed, 5 Aug 2015 16:28:34 -0500
Subject: [PATCH] Restrict /file endpoint to POST method
---
api.py | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/api.py b/api.py
index f343446c..27f07a60 100644
--- a/api.py
+++ b/api.py
@@ -46,7 +46,7 @@ routes = [
webapp2.Route(r'/groups', projects.Projects, handler_method='groups', methods=['GET']),
webapp2.Route(r'/schema', projects.Project, handler_method='schema', methods=['GET']),
webapp2.Route(r'/<:[0-9a-f]{24}>', projects.Project, name='project'),
- webapp2.Route(r'/<:[0-9a-f]{24}>/file', projects.Project, handler_method='file'),
+ webapp2.Route(r'/<:[0-9a-f]{24}>/file', projects.Project, handler_method='file', methods=['POST']),
webapp2.Route(r'/<:[0-9a-f]{24}>/file/<:[^/]+>', projects.Project, handler_method='file'),
webapp2.Route(r'/<pid:[0-9a-f]{24}>/sessions', sessions.Sessions, name='p_sessions'),
]),
@@ -56,7 +56,7 @@ routes = [
webapp2.Route(r'/curators', collections_.Collections, handler_method='curators', methods=['GET']),
webapp2.Route(r'/schema', collections_.Collection, handler_method='schema', methods=['GET']),
webapp2.Route(r'/<:[0-9a-f]{24}>', collections_.Collection, name='collection'),
- webapp2.Route(r'/<:[0-9a-f]{24}>/file', collections_.Collection, handler_method='file'),
+ webapp2.Route(r'/<:[0-9a-f]{24}>/file', collections_.Collection, handler_method='file', methods=['POST']),
webapp2.Route(r'/<:[0-9a-f]{24}>/file/<:[^/]+>', collections_.Collection, handler_method='file'),
webapp2.Route(r'/<:[0-9a-f]{24}>/sessions', collections_.CollectionSessions, name='coll_sessions'),
webapp2.Route(r'/<:[0-9a-f]{24}>/acquisitions', collections_.CollectionAcquisitions, name='coll_acquisitions'),
@@ -66,7 +66,7 @@ routes = [
webapp2.Route(r'/count', sessions.Sessions, handler_method='count', methods=['GET']),
webapp2.Route(r'/schema', sessions.Session, handler_method='schema', methods=['GET']),
webapp2.Route(r'/<:[0-9a-f]{24}>', sessions.Session, name='session'),
- webapp2.Route(r'/<:[0-9a-f]{24}>/file', sessions.Session, handler_method='file'),
+ webapp2.Route(r'/<:[0-9a-f]{24}>/file', sessions.Session, handler_method='file', methods=['POST']),
webapp2.Route(r'/<:[0-9a-f]{24}>/file/<:[^/]+>', sessions.Session, handler_method='file'),
webapp2.Route(r'/<:[0-9a-f]{24}>/acquisitions', acquisitions.Acquisitions, name='acquisitions'),
]),
@@ -74,7 +74,7 @@ routes = [
webapp2.Route(r'/count', acquisitions.Acquisitions, handler_method='count', methods=['GET']),
webapp2.Route(r'/schema', acquisitions.Acquisition, handler_method='schema', methods=['GET']),
webapp2.Route(r'/<:[0-9a-f]{24}>', acquisitions.Acquisition, name='acquisition'),
- webapp2.Route(r'/<:[0-9a-f]{24}>/file', acquisitions.Acquisition, handler_method='file'),
+ webapp2.Route(r'/<:[0-9a-f]{24}>/file', acquisitions.Acquisition, handler_method='file', methods=['POST']),
webapp2.Route(r'/<:[0-9a-f]{24}>/file/<:[^/]+>', acquisitions.Acquisition, handler_method='file'),
webapp2.Route(r'/<:[0-9a-f]{24}>/tile', acquisitions.Acquisition, handler_method='get_tile', methods=['GET']),
]),
--
GitLab