On Mon, Aug 22, 2011 at 4:39 PM, Miki Tebeka <miki.teb...@gmail.com> wrote:
> You can check if there is a "non-allowed variable" and then return HTTP error.
> if set(form) - set(allowedVariables):
> print('Status: 406\n\n')
> raise SystemExit()
>
I'd be disinclined to do this; ignore unrecognized query variables,
but don't throw back an error. Sometimes it's convenient to let the
browser send a "junk header" that the server will ignore - helps with
integration with other systems. As long as you can be sure that the
script won't do the wrong thing, it should be fine to have an extra
bit of GET/POST data.
ChrisA
--
http://mail.python.org/mailman/listinfo/python-list
