From 385e7cb47889682f800c7ff0cd86ab34c90a9a5d Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
<41898282+github-actions[bot]@users.noreply.github.com>
Date: Fri, 28 Jul 2023 22:14:55 +1000
Subject: [PATCH] Return 404 on API requests other than GET (#5365) (#5366)
- Other request methods need love too!
(cherry picked from commit 59ffdcaa1906f306378984d12cc40f61c7b80621)
(cherry picked from commit b89a120f9e673845e67ad6729bddb6a77974472d)
Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
---
InvenTree/InvenTree/api.py | 39 +++++++++++++++++++++++++++++++-------
1 file changed, 32 insertions(+), 7 deletions(-)
diff --git a/InvenTree/InvenTree/api.py b/InvenTree/InvenTree/api.py
index 75c4e4b4f0..6301656701 100644
--- a/InvenTree/InvenTree/api.py
+++ b/InvenTree/InvenTree/api.py
@@ -59,14 +59,39 @@ class NotFoundView(AjaxView):
permission_classes = [permissions.AllowAny]
- def get(self, request, *args, **kwargs):
- """Process an `not found` event on the API."""
- data = {
- 'details': _('API endpoint not found'),
- 'url': request.build_absolute_uri(),
- }
+ def not_found(self, request):
+ """Return a 404 error"""
+ return JsonResponse(
+ {
+ 'detail': _('API endpoint not found'),
+ 'url': request.build_absolute_uri(),
+ },
+ status=404
+ )
- return JsonResponse(data, status=404)
+ def options(self, request, *args, **kwargs):
+ """Return 404"""
+ return self.not_found(request)
+
+ def get(self, request, *args, **kwargs):
+ """Return 404"""
+ return self.not_found(request)
+
+ def post(self, request, *args, **kwargs):
+ """Return 404"""
+ return self.not_found(request)
+
+ def patch(self, request, *args, **kwargs):
+ """Return 404"""
+ return self.not_found(request)
+
+ def put(self, request, *args, **kwargs):
+ """Return 404"""
+ return self.not_found(request)
+
+ def delete(self, request, *args, **kwargs):
+ """Return 404"""
+ return self.not_found(request)
class BulkDeleteMixin: