def _dispatch(self, request, helper, project_id=None, origin=None,
*args, **kwargs):
# NOTE: We need to override the auth flow for a CSP report!
# A CSP report is sent as a POST request with no Origin or Referer
# header. What we're left with is a 'document-uri' key which is
# inside of the JSON body of the request. This 'document-uri' value
# should be treated as an origin check since it refers to the page
# that triggered the report. The Content-Type is supposed to be
# `application/csp-report`, but FireFox sends it as `application/json`.
if request.method != 'POST':
return HttpResponseNotAllowed(['POST'])
if request.META.get('CONTENT_TYPE') not in self.content_types:
raise APIError('Invalid Content-Type')
request.user = AnonymousUser()
project = self._get_project_from_id(project_id)
helper.context.bind_project(project)
Raven.tags_context(helper.context.get_tags_context())
# This is yanking the auth from the querystring since it's not
# in the POST body. This means we expect a `sentry_key` and
# `sentry_version` to be set in querystring
auth = self._parse_header(request, helper, project)
project_ = helper.project_from_auth(auth)
if project_ != project:
raise APIError('Two different project were specified')
helper.context.bind_auth(auth)
Raven.tags_context(helper.context.get_tags_context())
return super(APIView, self).dispatch(
request=request,
project=project,
auth=auth,
helper=helper,
**kwargs
)
评论列表
文章目录
