Protect POST method.

* Remove check on old header. * Fix tests. Change-Id: Ib706e57dca0669f6c611518a6379ce24f2e527b8
author: Milo Casagrande <milo.casagrande@linaro.org> 2014-07-25 11:15:07 +0200
committer: Milo Casagrande <milo.casagrande@linaro.org> 2014-07-25 11:15:07 +0200
commit: dcfd06be321cdd867287ae64966ff2c96543a3cc (patch)
tree: 80110cb705413afb0525ad74395df4e84b03b3c3 /app/handlers/base.py
parent: dc0deb89c1c56b2ba9bf5491811678624a78e89b (diff)
1 files changed, 3 insertions, 5 deletions
diff --git a/app/handlers/base.py b/app/handlers/base.py
index 1e64738..934675a 100644
--- a/app/handlers/base.py
+++ b/app/handlers/base.py
@@ -198,6 +198,7 @@ class BaseHandler(RequestHandler):
 
         return valid_content
 
+    @protected
     @asynchronous
     def post(self, *args, **kwargs):
 
@@ -224,11 +225,8 @@ class BaseHandler(RequestHandler):
         """
         return_code = 200
 
-        if self._has_xsrf_header():
-            if not self._has_valid_content_type():
-                return_code = 415
-        else:
-            return_code = 403
+        if not self._has_valid_content_type():
+            return_code = 415
 
         return return_code
author	Milo Casagrande <milo.casagrande@linaro.org>	2014-07-25 11:15:07 +0200
committer	Milo Casagrande <milo.casagrande@linaro.org>	2014-07-25 11:15:07 +0200
commit	dcfd06be321cdd867287ae64966ff2c96543a3cc (patch)
tree	80110cb705413afb0525ad74395df4e84b03b3c3 /app/handlers/base.py
parent	dc0deb89c1c56b2ba9bf5491811678624a78e89b (diff)