From 83f5144840a1aa38eb7bae58ce58a9d0c5f10177 Mon Sep 17 00:00:00 2001
From: David Grudl
Date: Mon, 9 Jan 2023 18:23:48 +0100
Subject: [PATCH] Presenter: checks $allowedMethods

---
 src/Application/UI/Presenter.php | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/Application/UI/Presenter.php b/src/Application/UI/Presenter.php
index cffb7a668..ae4cb535e 100644
--- a/src/Application/UI/Presenter.php
+++ b/src/Application/UI/Presenter.php
@@ -74,6 +74,9 @@ abstract class Presenter extends Control implements Application\IPresenter
 /** @var bool use absolute Urls or paths? */
 public $absoluteUrls = false;
 
+ /** @var string[] */
+ public $allowedMethods = ['GET', 'POST', 'HEAD', 'PUT', 'DELETE'];
+
 /** @var Nette\Application\Request|null */
 private $request;
 
@@ -215,6 +218,7 @@ public function run(Application\Request $request): Application\Response
 try {
 // STARTUP
 $this->checkRequirements(static::getReflection());
+ $this->checkHttpMethod();
 Arrays::invoke($this->onStartup, $this);
 $this->startup();
 if (!$this->startupCheck) {
@@ -333,6 +337,17 @@ public function detectedCsrf(): void
 }
 
 
+ protected function checkHttpMethod(): void
+ {
+ if ($this->allowedMethods &&
+ !in_array($method = $this->httpRequest->getMethod(), $this->allowedMethods, true)
+ ) {
+ $this->httpResponse->setHeader('Allow', implode(',', $this->allowedMethods));
+ $this->error("Method $method is not allowed", Nette\Http\IResponse::S405_MethodNotAllowed);
+ }
+ }
+
+
 /********************* signal handling ****************d*g**/
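Review bot: The default value of `$allowedMethods` leaves out PATCH and OPTIONS, so any presenter that answers those methods today (REST updates, CORS preflight) will return 405 after this commit unless it overrides the property. The `/** @var string[] */` docblock says nothing about that, nor about how the list is interpreted. I would extend it to `/** @var string[] HTTP methods accepted by run(), compared case-sensitively; other methods get 405, an empty array disables the check */`. The property is public and untyped like its neighbour `$absoluteUrls`, so nothing enforces the element format at assignment time.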
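Review bot: `checkHttpMethod()` is called before the `onStartup` handlers and `startup()`, so a presenter that assigns `$allowedMethods` in either of those places changes nothing for the current request. That ordering should be stated where subclass authors will see it. A comment on the call would do, for example `// evaluated before startup(): set $allowedMethods as a property default, not in startup()`. The `try` block and the rest of `run()` continue outside the hunk, so how the resulting exception is handled is not visible here.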
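Review bot: The message passed to `$this->error()` in `checkHttpMethod()` interpolates `$method`, a value the client chooses, and this hunk does not show whether exception messages are later written to logs or rendered by an error presenter without escaping. A fixed message avoids the question: `$this->error('Method is not allowed', Nette\Http\IResponse::S405_MethodNotAllowed);`. The method also lacks a docblock. It should say that an empty `$allowedMethods` skips the check, that the strict `in_array()` match is case-sensitive so entries must use the spelling `getMethod()` returns, and that a rejected request gets an `Allow` header and a 405. If the HTTP layer rewrites the method from an override header (not visible here), the allow-list is applied to the rewritten value, which is worth confirming against the intended policy.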