开发者

google app engine _method?

How can I get the request body passed on to my views?

class RestHTTPMiddleware(object):
  def __init__(self, app):
    self.app = app

  def __call__(self, environ, start_response):
    request = Request(environ)
    environ['wsgi.input'] = StringIO.StringIO(request.body)

    method = webapp.Reque开发者_JS百科st(environ).get('_method')

    if method:
      environ['REQUEST_METHOD'] = method.upper()

    return self.app(environ, start_response)

when i test :

def put(self):
    logging.info("spot put %s", self.request.get("name"))

the following is logged: "spot put" but with no value.

this is how it's implemented:

def main():  
  app = webapp.WSGIApplication([
    (r'/spot/new/$', Spot),
    ],
   debug=True)
  # run_wsgi_app(application)
  wsgiref.handlers.CGIHandler().run(RestHTTPMiddleware(app))


You're almost there with this code, I think. Did you try and see if it works if you run fp.seek(0) after the Request instance is created?

I should also note that this is a dangerous hack! This allows me to trick your Web server into believing that an <img src="http://yourserver.com/?_method=POST&delete_account=1"> is a legitimate POST request from the user who views my site. Plainly: this is dangerous out of security perspective. Do not do this unless you feel certain you have other mechanisms that counteract this Pandora's box of CSRF nightmares.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜