X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/0109b75d7c0780c56a7d0f66ec24ba37fd84c2f1..refs/heads/prod:/code/view.py
diff --git a/code/view.py b/code/view.py
index 9452cf0..51f19a5 100644
--- a/code/view.py
+++ b/code/view.py
@@ -7,6 +7,7 @@ import simplejson
 import datetime, decimal
 from StringIO import StringIO
 from invirt.config import structs as config
+import invirt.database
 from webcommon import State
@@ -122,6 +123,8 @@ def require_POST():
 if cherrypy.request.method != "POST":
 raise cherrypy.HTTPError(405, "You must submit this request with POST")
+ if not cherrypy.request.headers.get('Referer', '').startswith('https://' + config.web.hostname):
+ raise cherrypy.HTTPError(403, "This form is only usable when submitted from another page on this site. If you receive this message in error, check your browser's Referer settings.")
 cherrypy.tools.require_POST = cherrypy.Tool('on_start_resource', require_POST, priority=150)
@@ -163,6 +166,9 @@ cherrypy.tools.invirtwebstate = cherrypy.Tool('on_start_resource', invirtwebstate_init, priority=100)
+cherrypy.tools.clear_db_cache = cherrypy.Tool('on_start_resource', invirt.database.clear_cache)
+
+
 class View(object):
 _cp_config = {'tools.mako.directories': [os.path.join(os.path.dirname(__file__),'templates')]}
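Review bot: The new Referer test in require_POST is an unanchored prefix match: `startswith('https://' + config.web.hostname)` is also satisfied by a Referer whose host merely begins with the configured hostname, so the check does not pin the request to this site. Terminating the host closes that gap, e.g. `.startswith('https://' + config.web.hostname + '/')`, or compare the host parsed out of the header for equality; this assumes config.web.hostname carries no port or trailing slash, which the hunk does not show. A Referer check is also a fairly weak CSRF control on its own (clients that suppress the header are locked out, as the error text admits), so a per-session form token would be the sturdier follow-up. A one-line comment above the check saying it is the CSRF defence, e.g. `# CSRF guard: only accept POSTs that originate from our own pages`, would help the next reader.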
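Review bot: `cherrypy.tools.clear_db_cache` is registered without a `priority`, unlike the two neighbouring tools (150 and 100), so it falls back to CherryPy's default of 50 and would run ahead of both at `on_start_resource`. If clearing the cache before `invirtwebstate_init` is the intent, state it by passing `priority=50` explicitly with a comment such as `# drop cached DB state before any per-request state is built`; that intent is inferred, not shown in the hunk. The hunk only registers the tool; where it is switched on is outside the visible lines.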