diff options
Diffstat (limited to 'actionwebservice/lib')
-rw-r--r-- | actionwebservice/lib/action_web_service/api.rb | 3 | ||||
-rw-r--r-- | actionwebservice/lib/action_web_service/dispatcher/action_controller_dispatcher.rb | 7 |
2 files changed, 8 insertions, 2 deletions
diff --git a/actionwebservice/lib/action_web_service/api.rb b/actionwebservice/lib/action_web_service/api.rb index 73fb886e6d..d97eb5e6a1 100644 --- a/actionwebservice/lib/action_web_service/api.rb +++ b/actionwebservice/lib/action_web_service/api.rb @@ -21,6 +21,9 @@ module ActionWebService # :nodoc: # Whether to transform the public API method names into camel-cased names class_inheritable_option :inflect_names, true + # By default only HTTP POST requests are processed + class_inheritable_option :allowed_http_methods, [ :post ] + # Whether to allow ActiveRecord::Base models in <tt>:expects</tt>. # The default is +false+; you should be aware of the security implications # of allowing this, and ensure that you don't allow remote callers to diff --git a/actionwebservice/lib/action_web_service/dispatcher/action_controller_dispatcher.rb b/actionwebservice/lib/action_web_service/dispatcher/action_controller_dispatcher.rb index 85773a617d..9c16c50248 100644 --- a/actionwebservice/lib/action_web_service/dispatcher/action_controller_dispatcher.rb +++ b/actionwebservice/lib/action_web_service/dispatcher/action_controller_dispatcher.rb @@ -37,8 +37,11 @@ module ActionWebService # :nodoc: module InstanceMethods # :nodoc: private def dispatch_web_service_request - if request.get? - render_text('GET not supported', '500 GET not supported') + method = request.method.to_s.upcase + allowed_methods = self.class.web_service_api ? (self.class.web_service_api.allowed_http_methods.dup || []) : [ :post ] + allowed_methods.map!{|m| m.to_s.upcase } + if !allowed_methods.include?(method) + render_text("#{method} not supported", "500 #{method} not supported") return end exception = nil |