Requiring HTTP methods
Just a quick tip today: someone on IRC tonight was asking for an easy way to write a Django view which restricts itself to only allowing a specific HTTP method or methods. For example, a web-based API might want to only allow POST to specific views.
This is actually pretty easy to do with a set of decorators built in to Django, in the module django.views.decorators.http. Specifically, the fix for ticket #703 added three useful things to that module:
-
require_POSTis a decorator which checks that the HTTP method of the request wasPOST, and returns HTTP 405 — “method not allowed” if it wasn’t. -
require_GETis a decorator which checks that the HTTP method of the request wasGET, and returns HTTP 405 if it wasn’t. -
require_http_methodsis a function which generates decorators, much like theuser_passes_testdecorator indjango.contrib.authwhich lets you specify any test you like for the user;require_http_methodstakes a list of HTTP methods, and returns a decorator which enforces that the request uses one of those methods.
Also in that module is the decorator conditional_page, which provides helpful support for conditional GET; it has the same effect as django.middleware.http.ConditionalGetMiddleware, but as a decorator which only applies to a single view.
These have all been a part of Django for a couple years now, but unfortunately came in at a time when we weren’t quite as strict about requiring new functionality to include documentation before being checked in, so the official docs are somewhat lacking for these. I’ve opened a ticket (#6181 for those who are interested) for that, and if nobody else beats me to it I’ll work on it the next time I have a chance.