github/reddit
1
1
Fork 0
mirror of https://github.com/reddit-archive/reddit.git synced 2026-04-27 03:00:12 -04:00
Code Issues Packages Projects Releases Wiki Activity

Allow OPTIONS requests to private Subreddits

Browse Source
This commit is contained in:
Keith Mitchell
2015-04-06 10:37:50 -07:00
parent 5f7526bc59
commit 2371f05922
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
r2/r2/controllers/reddit_base.py
View File

@@ -1617,7 +1617,10 @@ class RedditController(OAuth2ResourceController):
self.abort404()
# check if the user has access to this subreddit
if not c.site.can_view(c.user) and not c.error_page:
# Allow OPTIONS requests through, as no response body
# is sent in those cases - just a set of headers
if (not c.site.can_view(c.user) and not c.error_page and
request.method != "OPTIONS"):
if isinstance(c.site, LabeledMulti):
# do not leak the existence of multis via 403.
self.abort404()