Django REST shows non-allowed methods under Allow in the Browser

Asked Dec 16 '18 at 14:11

Active Dec 16 '18 at 14:57

Viewed 449 times

1

Goal

Is to disable OPTIONS method globally.

Background

According to the official Django REST docs (https://www.django-rest-framework.org/api-guide/metadata/), the proper way to do it is to set DEFAULT_METADATA_CLASS to None.

This resolves the problem. After trying to send the OPTIONS curl request, the server responds with the 405.

Problem

However the API Browser would still show methods under Allow that are actually not allowed:

Question

How to hide not-supported methods under Allow in Django API Browser?

asked Dec 16 '18 at 14:11

0leg

13,464
16
70
94

1

You can override the `def _allowed_methods(self)` method. – Willem Van Onsem Dec 16 '18 at 14:17
1

Perhaps this answer will be useful to you. https://stackoverflow.com/questions/23639113/disable-a-method-in-a-viewset-django-rest-framework – Mikhail Sidorov Dec 16 '18 at 14:18

1 Answers1

1

After checking the Disable a method in a ViewSet, django-rest-framework, it turned out there are at least 3 good approaches to address this:

Use Specific ViewSets instead of just inheriting ModelViewSet
Overwrite _allowed_methods()
Define http_method_names()

It was decided to:

Set DEFAULT_METADATA_CLASS to None (to make sure non-defined methods are not exposed).
Define http_method_names for each ViewSet (to hide them in the Browser API).

answered Dec 16 '18 at 14:57

0leg

13,464
16
70
94