Adds setting to force signature to use body only if form data
- Repository
-
jnormore
- Branch
- post_sig_form_opt
Bitbucket cannot automatically merge this request.
The commits that make up this pull request have been removed.
Bitbucket cannot automatically merge this request due to conflicts.
Review the conflicts on the Overview tab. You can then either decline the request or merge it manually on your local system using the following commands:
hg update default
hg pull -r post_sig_form_opt https://bitbucket.org/jnormore/django-piston
hg merge post_sig_form_opt
hg commit -m 'Merged in jnormore/django-piston/post_sig_form_opt (pull request #33)'
- Author
- Reviewers
-
- Description
-
http://oauth.net/core/1.0a/#sig_norm_param defines the normalized request param part of the signature base string as including only POST with form data:
"Parameters in the HTTP POST request body (with a content-type of application/x-www-form-urlencoded)."
This PR adds a check for a setting that allows this rule to be enforced. The reason for this is that if you include non-form encoded data, such as json the signature is incorrect since most clients ignore this. I made this an optional boolean setting (with default to False) to keep backwards compatibility, but ideally it should be enforced by default.
