Merge pull request #173 from syncrou/remove_patch_post_redirects

Remove POST PATCH as available redirect options
RedHatInsights · Sep 28, 2020 · 3a5da59 · 3a5da59
2 parents d0575c9 + 6127cd2
commit 3a5da59
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [4.1.4] - 2020-09-25
+### Changed
+- Remove POST / PATCH from redirects #173
+
 ## [4.1.3] - 2020-08-26
 ### Changed
 - Pin cloudwatchlogger gem to ~> 0.2.1 #207
@@ -189,7 +193,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [0.1.0] - 2019-09-24
 ### Initial release to rubygems.org
 
-[Unreleased]: https://github.com/RedHatInsights/insights-api-common-rails/compare/v4.1.3...HEAD
+
+[Unreleased]: https://github.com/RedHatInsights/insights-api-common-rails/compare/v4.1.4...HEAD
+[4.1.4]: https://github.com/RedHatInsights/insights-api-common-rails/compare/v4.1.3...v4.1.4
 [4.1.3]: https://github.com/RedHatInsights/insights-api-common-rails/compare/v4.1.2...v4.1.3
 [4.1.2]: https://github.com/RedHatInsights/insights-api-common-rails/compare/v4.1.1...v4.1.2
 [4.1.1]: https://github.com/RedHatInsights/insights-api-common-rails/compare/v4.1.0...v4.1.1

diff --git a/lib/insights/api/common/routing.rb b/lib/insights/api/common/routing.rb
@@ -8,7 +8,7 @@ def initialize(route_mapper)
           @route_mapper = route_mapper
         end
 
-        def redirect_major_version(version, prefix, via: [:delete, :get, :options, :patch, :post])
+        def redirect_major_version(version, prefix, via: [:delete, :get, :options])
           route_mapper.match(
             "/#{version.split('.').first}/*path(.:format)",
             :format => false,

diff --git a/lib/insights/api/common/version.rb b/lib/insights/api/common/version.rb
@@ -1,7 +1,7 @@
 module Insights
   module API
     module Common
-      VERSION = "4.1.3".freeze
+      VERSION = "4.1.4".freeze
     end
   end
 end
diff --git a/spec/lib/insights/api/common/routing_spec.rb b/spec/lib/insights/api/common/routing_spec.rb
@@ -1,5 +1,6 @@
 RSpec.describe Insights::API::Common::Routing, :type => :request do
   let(:expected_version) { "v0.1" }
+  let(:major_version) { "v1" }
 
   describe("/api/v0") do
     it "sanity test for a regular resource" do
@@ -25,5 +26,9 @@
       expect(response.status).to eq(200)
       expect(response.headers["Location"]).to be_nil
     end
+
+    it "does not allow redirects to a POST endpoint" do
+      expect { post("/api/#{major_version}/graphql") }.to raise_exception(ActionController::RoutingError)
+    end
   end
 end