Sok Ann Yap wrote: > I noticed that since version 0.9.3, PUT's params will be put into > request.POST by WebOb. So, I wonder if DELETE will be threated the > same?
No. I was reluctant to allow this for PUT, but definitely am against it for any other HTTP methods. > My use case: > pylons.decorators.secure.authenticate_form only check for > request.POST. I have a secure_form with method='delete' and want to > test it, but there doesn't seem to be a way to pass the authentication > token through self.app.delete into request.POST. > > This is similar to http://pylonshq.com/project/pylonshq/ticket/482 > > By the way, I used to have some ugly workaround to make self.app.put > works with pylons.decorators.validate, by parsing wsgi.input into > request.params and then set post_only=False. Sure glad I don't have to > do that anymore :) I'm not sure why authentication tokens are only coming from wsgi.input, but that's the problem -- you should be able to set something in the environment to simulate authentication, and if not then that's a bug in the authentication system. -- Ian Bicking : [EMAIL PROTECTED] : http://blog.ianbicking.org --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
