google app engine _method?
How can I get the request body passed on to my views?
class RestHTTPMiddleware(object):
def __init__(self, app):
self.app = app
def __call__(self, environ, start_response):
request = Request(environ)
environ['wsgi.input'] = StringIO.StringIO(request.body)
method = webapp.Reque开发者_JS百科st(environ).get('_method')
if method:
environ['REQUEST_METHOD'] = method.upper()
return self.app(environ, start_response)
when i test :
def put(self):
logging.info("spot put %s", self.request.get("name"))
the following is logged: "spot put" but with no value.
this is how it's implemented:
def main():
app = webapp.WSGIApplication([
(r'/spot/new/$', Spot),
],
debug=True)
# run_wsgi_app(application)
wsgiref.handlers.CGIHandler().run(RestHTTPMiddleware(app))
You're almost there with this code, I think. Did you try and see if it works if you run fp.seek(0)
after the Request instance is created?
I should also note that this is a dangerous hack! This allows me to trick your Web server into believing that an <img src="http://yourserver.com/?_method=POST&delete_account=1">
is a legitimate POST request from the user who views my site. Plainly: this is dangerous out of security perspective. Do not do this unless you feel certain you have other mechanisms that counteract this Pandora's box of CSRF nightmares.
精彩评论