From 283cd944beefce8e364f238f25133e2d65b7702b Mon Sep 17 00:00:00 2001
From: Dan McGee <dan@archlinux.org>
Date: Tue, 16 Apr 2013 20:16:06 -0500
Subject: Use require_safe decorator rather than require_GET

This was added in Django 1.4, and ensures both GET and HEAD requests,
but not POST requests, are allowed through.

Signed-off-by: Dan McGee <dan@archlinux.org>
---
 packages/views/__init__.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'packages')

diff --git a/packages/views/__init__.py b/packages/views/__init__.py
index 4c195385..c1f0f492 100644
--- a/packages/views/__init__.py
+++ b/packages/views/__init__.py
@@ -9,7 +9,7 @@ from django.db.models import Q
 from django.http import HttpResponse
 from django.shortcuts import redirect, render
 from django.views.decorators.cache import cache_control
-from django.views.decorators.http import require_GET, require_POST
+from django.views.decorators.http import require_safe, require_POST
 
 from main.models import Package, Arch
 from ..models import PackageRelation
@@ -24,7 +24,7 @@ from .search import search_json
 from .signoff import signoffs, signoff_package, signoff_options, signoffs_json
 
 
-@require_GET
+@require_safe
 @cache_control(public=True, max_age=86400)
 def opensearch(request):
     if request.is_secure():
@@ -37,7 +37,7 @@ def opensearch(request):
             content_type='application/opensearchdescription+xml')
 
 
-@require_GET
+@require_safe
 @cache_control(public=True, max_age=300)
 def opensearch_suggest(request):
     search_term = request.GET.get('q', '')
-- 
cgit v1.2.3-55-g3dc8