6

I've been deciding between Python web frameworks for a project of mine and I've really liked how lightweight, flexible, and concise CherryPy is compared to others. The only problem I'm having is I can't find any documentation on how to distinguish between data sent via GET and via POST.

For example, I don't want users to be able to provide their login credentials through a GET request (http://example.com/login?username=user&password=pass) but, according to CherryPy's tutorial, all data is sent as method parameters, no matter what HTTP method they're sent as. Is there some way to say I only want the POST data or do I have to use MethodDispatcher?

Thanks!

Patrick
  • 489
  • 6
  • 15
  • Just a note that you shouldn't assume that just because something's coming in as a POST, the user hasn't tampered with it, or that nosey people can't see it. – Colin Coghill Mar 21 '12 at 23:56
  • Be aware that discarding data sent via GET doesn't stop the user from trying to send it that way. – The Tahaan Oct 28 '15 at 10:36

1 Answers1

9

See the docs.

A string containing the HTTP method, such as "GET" or "POST". Set in the "run" phase.

looks like checking cherrypy.request.method is what you want to do.

Community
  • 1
  • 1
photoionized
  • 5,092
  • 20
  • 23
  • Excellent, thank you. It also looks like there's [a way](http://cherrypy.org/wiki/RequestObject#params) to get the data without specifying them in the method's parameters. – Patrick Apr 08 '11 at 02:21
  • 1
    documentation seems to have moved to http://docs.cherrypy.org/stable/refman/_cprequest.html You can extract just the POST arguments with cherrypy.request.body_params – Colin Coghill Mar 21 '12 at 23:55