Presenter: checks $allowedMethods

nette · Aug 27, 2023 · 83f5144 · KminekMatej · Aug 28, 2023 · dg
1 parent dca911e
commit 83f5144
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/src/Application/UI/Presenter.php b/src/Application/UI/Presenter.php
@@ -74,6 +74,9 @@ abstract class Presenter extends Control implements Application\IPresenter
 	/** @var bool  use absolute Urls or paths? */
 	public $absoluteUrls = false;
 
+	/** @var string[] */
+	public $allowedMethods = ['GET', 'POST', 'HEAD', 'PUT', 'DELETE'];
+
 	/** @var Nette\Application\Request|null */
 	private $request;
 
@@ -215,6 +218,7 @@ public function run(Application\Request $request): Application\Response
 		try {
 			// STARTUP
 			$this->checkRequirements(static::getReflection());
+			$this->checkHttpMethod();
 			Arrays::invoke($this->onStartup, $this);
 			$this->startup();
 			if (!$this->startupCheck) {
@@ -333,6 +337,17 @@ public function detectedCsrf(): void
 	}
 
 
+	protected function checkHttpMethod(): void
+	{
+		if ($this->allowedMethods &&
+			!in_array($method = $this->httpRequest->getMethod(), $this->allowedMethods, true)
+		) {
+			$this->httpResponse->setHeader('Allow', implode(',', $this->allowedMethods));
+			$this->error("Method $method is not allowed", Nette\Http\IResponse::S405_MethodNotAllowed);
+		}
+	}
+
+
 	/********************* signal handling ****************d*g**/