The @login_required decorator works only for GET , It is mentioned in that page. So i am using the first method u suggested
Thanks a lot for the help . On Jan 18, 11:25 am, Robert Kluin <[email protected]> wrote: > Yeah, if you need to be able to allow some requests without cookies to > a 'secure' url you'll need to use a lower-level solution like those. > The options in app.yaml are higher-level. > > Robert > > On Tue, Jan 18, 2011 at 00:17, Silencer <[email protected]> wrote: > > > Thanks Robert , > > > Those solutions look better coding to me. > > > So i will have to anyway remove login:admin for URL's destined to be > > used for Cross Domain Resource Sharing. > > > Even login:required will also fail right ? > > Because preflight request is never send with cookies. > > > So basically i have to implement url securing myself. > > > On Jan 17, 11:19 pm, Robert Kluin <[email protected]> wrote: > >> Securing your URLs in code is OK, provided you're doing it > >> consistently perhaps using a decorator, or in a base AdminHandler. > >> This will let you allow some calls or respond differently to non-admin > >> calls. > > >> You might also want to check out the users.is_current_user_admin() > >> function. > >> http://code.google.com/appengine/docs/python/users/functions.html > > >> And, I would also suggest looking at the @login_required decorator. > >> You could just write a @admin_required decorator. > >> http://code.google.com/appengine/docs/python/tools/webapp/utilmodule.... > > >> Robert > > >> On Mon, Jan 17, 2011 at 12:33, Silencer <[email protected]> wrote: > >> > i have two apps let us call it app1 and app2 ; > > >> > Assume that i have logged in as admin in both apps. > >> > in my work-flow i have to do a POST request from app1 rendered page > >> > (http://app1.appspot.com/sourcepage ) > >> > to and apps url (http://app2.appspot.com/updatedata) . > > >> >http://app2.appspot.com/updatedataisa url secured by login:admin in > >> > the app.yaml file > > >> > Now in FF3.6 , when such an ajax request is done using jQuery , > >> > FF3.6 will first send a Preflighted request ( OPTIONS request ) . > >> > This request is sent without cookies. > >> > So appengine returns a redirect as response. > >> > Although i have implemented the options(self) function for the > >> > request, the control never reaches there > > >> > So the original POST is not send at all. > > >> > i read in some article that the credentials will not be sent with the > >> > Preflighted request > >> > So in that case is there a way to make options request alone to pass > >> > through for admin urls ? > > >> > TO get my workflow done at last i removed login:admin from app.yaml > >> > and > >> > checks for user logged in and compare email id's to a set of allowed > >> > admins. > >> > I know it is bad programming , but still. > > >> > Is there any thing that i miss ? > > >> > Please help > > >> > -- > >> > You received this message because you are subscribed to the Google > >> > Groups "Google App Engine" group. > >> > To post to this group, send email to [email protected]. > >> > To unsubscribe from this group, send email to > >> > [email protected]. > >> > For more options, visit this group > >> > athttp://groups.google.com/group/google-appengine?hl=en. > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google App Engine" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group > > athttp://groups.google.com/group/google-appengine?hl=en. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
