FIX: Fixes #63 Conditionally permit additional GET request in POST context. (#64)

Russ Michell 2018-05-31 12:11:12 +12:00 committed by Robbie Averill
parent 489f8c576f
commit 8e4fbd0636


@ -41,6 +41,10 @@ use SilverStripe\CMS\Model\SiteTree;
*/ */
class RestfulServer extends Controller class RestfulServer extends Controller
{ {
/**
* @config
* @var array
*/
private static $url_handlers = array( private static $url_handlers = array(
'$ClassName!/$ID/$Relation' => 'handleAction', '$ClassName!/$ID/$Relation' => 'handleAction',
'' => 'notFound' '' => 'notFound'
@ -62,10 +66,24 @@ class RestfulServer extends Controller
* If no extension is given in the request, resolve to this extension * If no extension is given in the request, resolve to this extension
* (and subsequently the {@link self::$default_mimetype}. * (and subsequently the {@link self::$default_mimetype}.
* *
* @config
* @var string * @var string
*/ */
private static $default_extension = "xml"; private static $default_extension = "xml";
/**
* Whether or not to send an additional "Location" header for POST requests
* to satisfy HTTP 1.1: https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
*
* Note: With this enabled (the default), no POST request for resource creation
* will return an HTTP 201. Because of the addition of the "Location" header,
* all responses become a straight HTTP 200.
*
* @config
* @var boolean
*/
private static $location_header_on_create = true;
/** /**
* If no extension is given, resolve the request to this mimetype. * If no extension is given, resolve the request to this mimetype.
* *
@ -584,10 +602,15 @@ class RestfulServer extends Controller
$type = ".{$types[0]}"; $type = ".{$types[0]}";
} }
$urlSafeClassName = $this->sanitiseClassName(get_class($obj)); // Deviate slightly from the spec: Helps datamodel API access restrict
$apiBase = $this->config()->api_base; // to consulting just canCreate(), not canView() as a result of the additional
$objHref = Director::absoluteURL($apiBase . "$urlSafeClassName/$obj->ID" . $type); // "Location" header.
$this->getResponse()->addHeader('Location', $objHref); if ($this->config()->get('location_header_on_create')) {
$urlSafeClassName = $this->sanitiseClassName(get_class($obj));
$apiBase = $this->config()->api_base;
$objHref = Director::absoluteURL($apiBase . "$urlSafeClassName/$obj->ID" . $type);
$this->getResponse()->addHeader('Location', $objHref);
}
return $responseFormatter->convertDataObject($obj); return $responseFormatter->convertDataObject($obj);
} }
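Review bot: The `return $responseFormatter->convertDataObject($obj);` at the end of this hunk runs whether or not `location_header_on_create` is set, so switching the flag off for create-only callers still sends the serialised record back in the POST response body. Whether the formatter applies canView() or per-field filtering is not visible here; if it does not, a caller holding only canCreate() can still read back any fields the server populated on write. I would record that in the flag's docblock, e.g. `* Note: disabling this does not change the response body, which still contains the created record.` The comment above the `if` also describes the disabled case while sitting on the enabled branch, so wording such as `// Optional: omitting the header lets API access rely on canCreate() alone, without canView().` would read more clearly. The enclosing method starts above this hunk.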