0leg
Reputation: 14144
Django REST shows non-allowed methods under Allow in the Browser
Goal
Is to disable OPTIONS method globally.
Background
According to the official Django REST docs (https://www.django-rest-framework.org/api-guide/metadata/), the proper way to do it is to set DEFAULT_METADATA_CLASS to None.
This resolves the problem. After trying to send the OPTIONS curl request, the server responds with the 405.
Problem
However the API Browser would still show methods under Allow that are actually not allowed:
Question
How to hide not-supported methods under Allow in Django API Browser?
Upvotes: 2
Views: 653
Answers (1)
0leg
Reputation: 14144
After checking the Disable a method in a ViewSet, django-rest-framework, it turned out there are at least 3 good approaches to address this:
- Use Specific ViewSets instead of just inheriting
ModelViewSet - Overwrite _allowed_methods()
- Define http_method_names()
It was decided to:
- Set
DEFAULT_METADATA_CLASStoNone(to make sure non-defined methods are not exposed). - Define
http_method_namesfor each ViewSet (to hide them in the Browser API).
Upvotes: 1
Related Questions
- django-rest-framework limit the allowed_methods to GET
- How to control allowed methods in Django Rest Framework?
- Rest API call returning forbidden
- How to correctly set Allow header for a HTTP_405_METHOD_NOT_ALLOWED status code in Django REST framework
- Method Not Allowed - Django Rest Framework
- django rest framework - allow only certain methods
- AllowAny for get method in djangorestframework
- django 405 method not allowed
- HTTP 405 Method Not Allowed Error in Django
- Django rest framework permissions