Home > Blockchain >  Does this use of the require_GET decorated add value?
Does this use of the require_GET decorated add value?

Time:04-22

I was reading this page on how to add a favicon to a Django website. In this article, the following code is presented to serve a favicon from the project root:

@require_GET
@cache_control(max_age=60 * 60 * 24, immutable=True, public=True)  # one day
def favicon(request: HttpRequest) -> HttpResponse:
    if settings.DEBUG:
        name = "favicon-debug.png"
    else:
        name = "favicon.png"
    file = (settings.BASE_DIR / "static" / name).open("rb")
    return FileResponse(file)

I understand the @require_GET decorator will ensure this "page" (or this case just an image, really) can only be opened using a GET request. But I wonder, given that all we output here is just a static image, is there any value in doing so? Why would this decorator be there?

CodePudding user response:

It's certainly not going to hurt, but it definitely isn't necessary. In your case, your favicon() method only serves one function and will only ever execute in one way. Therefore, the decorator is pretty much entirely superfluous.

The author likely just put it there because they heard it was "best practice". They probably also had been using it for all their other views.

Here's a more complete explanation on the Security Stack Exchange: https://security.stackexchange.com/questions/199776/why-should-someone-block-all-methods-other-than-get-and-post-in-a-restful-applic.

Page link:https//www.codepudding.com/Blockchain/380863.html

Prev:Query MongoDB to fetch a nested array with skip/limit by nested object key range in Django using pym
Next:Django GrahpQL ACL?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding