Thanks to both of you. Kevin, how would I do a regex mask for views? Thanks.
On Wednesday, April 11, 2012 2:05:27 AM UTC-4, Kevin wrote:
>
> Separating GET and POST is normally used for RESTful web programming.
> Which is becoming a very common practice in popular competing frameworks,
> such as Rails.
>
> Personally I would prefer a more "native" way in Django to separate
> GET/POST views. I guess this could be done via a decorator or something.
>
> Another reason you may want to separate GET/POST is for security. For
> example, only letting some views accept POST requests, and basically shove
> a big 403 message to users who attempt to POST to a view which otherwise
> shouldn't accept a POST. I normally limit this using the web server, so
> POST requests will not even reach the web application if the component
> doesn't even accept it. I always have a mind set that the Internet is
> never safe, and everybody is a hacker. It's better to be safe, than sorry
> that a malicious POST body reached your application. An easy way to do
> this on the server is to use a regex mask for views which will accept a
> POST body, such as having an extension of ".do" or ".action". If the view
> doesn't have this special extension, then only allow GET requests to pass
> through to WSGI. You can also filter out headers and such on the server to
> further protect your WSGI application from the outside world. If you don't
> have access to the server's configuration, well, then I'm sure the cloud
> service you deployed to is "safe enough".
>
> On Tuesday, 10 April 2012 18:21:15 UTC-5, John Yeukhon Wong wrote:
>>
>> 3/4 down the page
>> http://www.djangobook.com/en/2.0/chapter08/
>>
>> urlpatterns = patterns('',
>>     # ...
>>     (r'^somepage/$', views.method_splitter,
>>      {'GET': views.some_page_get, 'POST': views.some_page_post}),
>>     # ...
>> )
>>
>>
>> Is this a good practice at all? If I use the method splitter, my urls
>> will look ugly. Or should I just separate based on the length of certain
>> views?
>> (If it's too long, break it into two, or use the delegator)
>>
>

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/AdCV-UuVdKIJ.