protect_from_forgery
+ before_filter :fetch_body
+
if STATUS == :database_readonly or STATUS == :database_offline
def self.cache_sweeper(*sweepers)
end
end
end
+ def require_oauth
+ @oauth = @user.access_token(OAUTH_KEY) if @user and defined? OAUTH_KEY
+ end
+
##
# requires the user to be logged in by the token or HTTP methods, or have an
# OAuth token with the right capability. this method is a bit of a pain to call
format.all { render :nothing => true, :status => :not_found }
end
end
-
+
+ ##
+ # Unfortunately if a PUT or POST request that has a body fails to
+ # read it then Apache will sometimes fail to return the response it
+ # is given to the client properly, instead erroring:
+ #
+ # https://issues.apache.org/bugzilla/show_bug.cgi?id=44782
+ #
+ # To work round this we call rewind on the body here, which is added
+ # as a filter, to force it to be fetched from Apache into a file.
+ def fetch_body
+ request.body.rewind
+ end
+
private
# extract authorisation credentials from headers, returns user = nil if none