673 return redirect(make_frontend_url(f'orders/{order_identifier}/view'))
674
675
676@order_misc_routes.route(677 '/orders/<string:order_identifier>/paytm/initiate-transaction',
678 methods=['POST', 'GET'],
679)
633 return jsonify(status=False, error='Source object status error')
634
635
636@order_misc_routes.route(637 '/orders/<string:order_identifier>/omise-checkout', methods=['POST', 'GET']
638)
639@jwt_required
612 raise BadRequestError({'source': ''}, 'Source creation error')
613
614
615@alipay_blueprint.route(616 '/alipay_return_uri/<string:order_identifier>', methods=['GET', 'POST']
617)
618def alipay_return_uri(order_identifier):
584 return jsonify(status=status, error=error)
585
586
587@alipay_blueprint.route(588 '/create_source/<string:order_identifier>', methods=['GET', 'POST']
589)
590@jwt_required
168 return jsonify(status=False, error=response)
169
170
171@order_misc_routes.route(172 '/event-invoices/<string:invoice_identifier>/charge', methods=['POST', 'GET']
173)
174@jwt_required
An HTTP method is safe if it does not alter the state of the server, i.e. it performs a read-only operation.
Common safe HTTP methods: GET, HEAD, and OPTIONS.
Whereas POST, PUT, and DELETE are unsafe because they alter the server state.
Allowing both safe and unsafe HTTP methods on the same view makes the application vulnerable to Cross-Site Request Forgery (CSRF). CSRF protections cover operations performed through unsafe HTTP methods; they do not protect a route that can change the state of the application when that route is also reachable through a safe HTTP method.
Use safe HTTP methods only for read-only operations, and do not accept safe and unsafe methods on the same view.
Sensitive code example, for Django:
from django.views.decorators.http import require_http_methods
@require_http_methods(["GET", "POST"])  # Sensitive: safe GET and unsafe POST on one view
def register(request):
    """Example view flagged by the rule; the body is elided.

    The decorator accepts the safe GET method together with the unsafe
    POST method, so the same handler is reachable both ways.
    """
    ...
Sensitive code example, for Flask:
import flask
from flask import Flask
# Application object the example routes below are registered on.
app = Flask(import_name=__name__)
@app.route('/sensitive', methods=['GET', 'POST'])  # Sensitive: safe GET and unsafe POST on one route
def register():
    """Example view flagged by the rule; the body is elided.

    The route accepts the safe GET method together with the unsafe
    POST method, so the same handler is reachable both ways.
    """
    ...
Compliant solution, for Django:
from django.views.decorators.http import require_POST, require_GET
@require_POST  # Compliant: only the unsafe POST method is accepted
def register(request):
    """Example view limited to POST; the body is elided."""
    ...
@require_GET  # Compliant: only the safe GET method is accepted
def post(request):
    """Example view limited to GET; the body is elided."""
    ...
Compliant solution, for Flask:
import flask
from flask import Flask
# Application object the example routes below are registered on.
app = Flask(import_name=__name__)
@app.route('/sensitive', methods=['POST'])  # Compliant: only the unsafe POST method is accepted
def register():
    """Example view limited to POST; the body is elided."""
    ...
@app.route('/sensitive', methods=['GET'])  # Compliant: only the safe GET method is accepted
def hello_world():
    """Return the fixed greeting ``"Hello World"``.

    The route accepts GET alone; the handler only returns a constant and
    changes no server state, so it is not reachable through an unsafe method.
    """
    greeting = "Hello World"
    return greeting