Distinguishing between GET and POST data in CherryPy?

About

Asked 7/4, 2011 at 23:46 Answered 8/4, 2011 at 0:4

I've been deciding between Python web frameworks for a project of mine and I've really liked how lightweight, flexible, and concise CherryPy is compared to others. The only problem I'm having is I can't find any documentation on how to distinguish between data sent via GET and via POST.

For example, I don't want users to be able to provide their login credentials through a GET request (http://example.com/login?username=user&password=pass) but, according to CherryPy's tutorial, all data is sent as method parameters, no matter what HTTP method they're sent as. Is there some way to say I only want the POST data or do I have to use MethodDispatcher?

Thanks!

Stadler answered 7/4, 2011 at 23:46 Comment(2)

Just a note that you shouldn't assume that just because something's coming in as a POST, the user hasn't tampered with it, or that nosey people can't see it. – Thirion 21/3, 2012 at 23:56

Be aware that discarding data sent via GET doesn't stop the user from trying to send it that way. – Serriform 28/10, 2015 at 10:36

See the docs.

A string containing the HTTP method, such as "GET" or "POST". Set in the "run" phase.

looks like checking cherrypy.request.method is what you want to do.

Cloven answered 8/4, 2011 at 0:4 Comment(2)

Excellent, thank you. It also looks like there's a way to get the data without specifying them in the method's parameters. – Stadler 8/4, 2011 at 2:21

documentation seems to have moved to docs.cherrypy.org/stable/refman/_cprequest.html You can extract just the POST arguments with cherrypy.request.body_params – Thirion 21/3, 2012 at 23:55

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags