From 486dbe1fbc5f3ef27c2e647fef906bfc6fdeadc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9my=20HUBSCHER?=
Date: Thu, 25 Feb 2016 15:53:38 +0100
Subject: [PATCH] Service should only accept application/json content-types on POST/PUT/PATCH verbs.
---
 cliquet/resource/viewset.py | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/cliquet/resource/viewset.py b/cliquet/resource/viewset.py
index 90bfee3e..115dea68 100644
--- a/cliquet/resource/viewset.py
+++ b/cliquet/resource/viewset.py
@@ -28,6 +28,8 @@ class ViewSet(object):
 readonly_methods = ('GET', 'OPTIONS', 'HEAD')
+ content_types = ["application/json"]
+
 service_arguments = {
 'description': 'Collection of {resource_name}',
 }
@@ -36,6 +38,18 @@ class ViewSet(object):
 'permission': authorization.PRIVATE
 }
+ default_post_arguments = {
+ "content_type": content_types,
+ }
+
+ default_put_arguments = {
+ "content_type": content_types,
+ }
+
+ default_patch_arguments = {
+ "content_type": content_types,
+ }
+
 default_collection_arguments = {}
 collection_get_arguments = {
 'cors_headers': ('Next-Page', 'Total-Records', 'Last-Modified', 'ETag',
@@ -72,10 +86,14 @@ def get_view_arguments(self, endpoint_type, resource_cls, method):
 'default_%s_arguments' % endpoint_type)
 args.update(**default_arguments)
- by_method = '%s_%s_arguments' % (endpoint_type, method.lower())
- method_args = getattr(self, by_method, {})
+ by_http_verb = 'default_%s_arguments' % method.lower()
+ method_args = getattr(self, by_http_verb, {})
 args.update(**method_args)
+ by_method = '%s_%s_arguments' % (endpoint_type, method.lower())
+ endpoint_args = getattr(self, by_method, {})
+ args.update(**endpoint_args)
+
 args['schema'] = self.get_record_schema(resource_cls, method)
 return args
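Review bot: `content_types` is a mutable list on the class, and the three `default_*_arguments` dicts added in the next hunk capture that same list object when the class body runs. A subclass that sets its own `content_types` therefore does not change what POST/PUT/PATCH accept, while an in-place `append` on the shared list widens the accepted types for every ViewSet in the process. An immutable `content_types = ('application/json',)`, matching the tuple used for `readonly_methods` just above, removes the second problem, assuming the framework accepts any sequence for `content_type`. A comment such as `# Bound into default_{post,put,patch}_arguments at class creation; overriding this attribute alone has no effect.` would document the first.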
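Review bot: Nothing in this patch pins the behaviour the three new dicts are meant to enforce: the diffstat lists only `viewset.py`, so there is no test for a rejected `text/plain` or form-encoded POST, for a `Content-Type` carrying a `; charset=utf-8` parameter, or for a body-carrying request with no `Content-Type` header. The last case matters most for the stated goal, because how the framework treats a missing header is not visible here and should be confirmed by a test rather than assumed. A short comment above `default_post_arguments`, e.g. `# Reject non-JSON bodies on writing verbs; endpoint-specific *_arguments may still override.`, would record why these dicts exist.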
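Review bot: Because `endpoint_args` is applied last, any `collection_post_arguments` or `record_patch_arguments` style attribute that carries its own `content_type` replaces the JSON-only default wholesale, so the restriction is a default rather than a guarantee. The merge order deserves a comment above the `update` calls, e.g. `# Precedence, lowest to highest: default_arguments, default_<endpoint>_arguments, default_<verb>_arguments, <endpoint>_<verb>_arguments.`. The new lookup also shares the `default_%s_arguments` name pattern with the endpoint-type lookup just before it, so an endpoint type named like an HTTP verb would resolve to the same attribute. Keeping `method_args` for the per-verb defaults next to the new `endpoint_args` reads ambiguously; `verb_args` would match `by_http_verb`. get_view_arguments starts above the hunk, so the beginning of the merge is not visible here.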