Closed XaviP closed 4 years ago
I've noticed this when directly accessing ^request-token/$
However in webservices/sync.py
there's this:
if getattr(request, 'body', None):
signed_data = request.body
else:
signed_data = request.raw_post_data
I haven't actually gone through setting the whole thing up yet, but my guess is that the bug is exposed here because a normal workflow would not access that specific uri without a POST
and thus the request.body
wouldn't be empty.
IMHO this is a bug in webservices and not in simple-sso, it also does not break normal operation, though it is an inconvenience.
update:
it does indeed seem that
curl --include https://example.org/identd/request-token/ -X POST -d '...'
verifief this is indeed the case.
IMHO this error happens only when you do a GET request on the endpoint expecting POST. The easiest workaround would be to wrap provider_for_django
with require_POST
It seems that webservices==0.7 uses request.raw_post_data, instead of request.body (django>1.6) Here's the error on py3, dj1.11, django-simple-sso==0.13.2:
Here some explanation: https://stackoverflow.com/questions/22368190/django-cant-access-raw-post-data#answer-22368223