From 377dc2cda2c3a7aa02f5d761631f73c58745ed9d Mon Sep 17 00:00:00 2001
From: Tom Christie
Date: Tue, 12 Mar 2013 20:49:20 +0000
Subject: Only honor X-HTTP-Method-Override for POST requests.

---
 rest_framework/request.py | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'rest_framework/request.py')

diff --git a/rest_framework/request.py b/rest_framework/request.py
index f26d934d..ffbbab33 100644
--- a/rest_framework/request.py
+++ b/rest_framework/request.py
@@ -233,11 +233,14 @@ class Request(object):
                                            self.META.get('CONTENT_TYPE', ''))
 
         self._perform_form_overloading()
+
         if not _hasattr(self, '_method'):
-            # Method wasn't overloaded by hidden form element, so look for 
-            # method override in header. If not present default to raw HTTP method
-            self._method = self.META.get('HTTP_X_HTTP_METHOD_OVERRIDE', 
-                                         self._request.method)
+            self._method = self._request.method
+
+            if self._method == 'POST':
+                # Allow X-HTTP-METHOD-OVERRIDE header
+                self._method = self.META.get('HTTP_X_HTTP_METHOD_OVERRIDE',
+                                             self._method)
 
     def _load_stream(self):
         """
-- 
cgit v1.2.3