Disallow non-GET requests in wmako.

[wrw.git] / wrw / wmako.py

diff --git a/wrw/wmako.py b/wrw/wmako.py
index 491d8b3..13ce342 100644 (file)
--- a/wrw/wmako.py
+++ b/wrw/wmako.py
@@ -1,6 +1,6 @@
 import os, threading
 from mako import template, lookup, filters
-import util, form, session, env
+import util, form, session, env, resp
 
 # It seems Mako isn't thread-safe.
 makolock = threading.Lock()
@@ -43,6 +43,8 @@ def handle(req, filename, **kw):
 
 @util.wsgiwrap
 def application(req):
+    if req.method not in ["GET", "HEAD"]:
+        raise resp.httperror(405)
     return handle(req, req.filename,
                   form = form.formdata(req),
                   session = session.get(req))