Skip to content
Snippets Groups Projects
Commit fda3e0c3 authored by Tanner Prestegard's avatar Tanner Prestegard Committed by GraceDB
Browse files

Restrict access to flexigrid search result view 

Prevent the function for generating search results for the flexigrid
table from being accessed except by AJAX. This prevents users from
overriding the expected parameters and generating server errors.
parent e161e775
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 6 additions and 0 deletions
gracedb/search/views.py
+ 6
0
View file @ fda3e0c3
......@@ -52,6 +52,12 @@ def search(request):
# Get call from template for populating flexigrid table
if _format == 'F':
if not request.is_ajax():
err_msg = ("You have tried to access an internal view "
"which is used for generating JavaScript search "
"results. Set 'results_format' to 'S' in your "
"query parameters.")
return HttpResponseBadRequest(err_msg)
# Flex format
if query_type == 'S':
# Superevent query
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment