If the request to /services/paypal isn't a POST, abort

RESOLVED FIXED in 4.x (triaged)

Status

P5
enhancement
RESOLVED FIXED
9 years ago
3 years ago

People

(Reporter: clouserw, Assigned: clouserw)

Tracking

unspecified
4.x (triaged)

Details

Attachments

(1 attachment)

(Assignee)

Description

9 years ago
Created attachment 437111 [details] [diff] [review]
if not post; gtfo

This is just a code quality thing I was looking at.  If a request comes in to /services/paypal we send a request to paypal, wait for a response, and then print out an answer.  If a request isn't POST, there is no reason to even look at it.

...I think.  I want someone to back me up on that before I commit anything. ;)  This bug is low priority like author names not being lined up right in IE6.
Attachment #437111 - Flags: review?(fwenzel)
Comment on attachment 437111 [details] [diff] [review]
if not post; gtfo

I agree with your reasoning: It's important that we don't send a code 200 unless the request succeeds, and just running into a code 500 is sloppy, so might as well turn non-POST requests away at the door.

However, r- because: 403 is the wrong response code, 405 is the right one. Also, Django has a require_POST decorator that'll do the work for you: http://www.b-list.org/weblog/2007/dec/11/http/
Attachment #437111 - Flags: review?(fwenzel) → review-
(Assignee)

Comment 2

9 years ago
I didn't change the response code because paypal is picky about those things and I assumed someone else read the spec.  But fine, I'll read it myself :)
(In reply to comment #2)
> I didn't change the response code because paypal is picky about those things
> and I assumed someone else read the spec.  But fine, I'll read it myself :)

I'm pretty sure paypal has no idea that HTTP has response codes.
(Assignee)

Comment 4

8 years ago
someone already did this
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.