From 88f706698ef39c44216e898b72c4dd06dc492285 Mon Sep 17 00:00:00 2001
From: tomoron
Date: Wed, 11 Sep 2024 17:03:10 +0200
Subject: [PATCH] check if requeset to page is POST
---
 .../requirements/djangoserver/file/server/server/views.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/docker-compose/requirements/djangoserver/file/server/server/views.py b/docker-compose/requirements/djangoserver/file/server/server/views.py
index 459e449..62e1ae7 100644
--- a/docker-compose/requirements/djangoserver/file/server/server/views.py
+++ b/docker-compose/requirements/djangoserver/file/server/server/views.py
@@ -17,12 +17,14 @@ def index(request):
 def homePage(request):
 request.session.save()
+ if(request.method != "POST"):
+ return(HttpResponse("wrong method",status=403))
 link42 = f"https://api.intra.42.fr/oauth/authorize?client_id={UID42}&redirect_uri={SERVER_URL}/login42&response_type=code&scope=public"
 return render(request, "homePage.html", {"link42" : link42})
 def lobbyPage(request):
 request.session.save()
- if(not request.session.get("logged_in", False)):
+ if(not request.session.get("logged_in", False) or request.method != "POST"):
 return(HttpResponse("you are not logged in",status=403))
 return render(request, "lobbyPage.html", {})
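Review bot: In `lobbyPage` the added `or request.method != "POST"` folds the method check into the login check, so a logged-in client that sends a GET receives "you are not logged in" with a 403. Testing the two conditions separately would let the response, and any monitoring built on it, distinguish an authentication failure from a wrong verb. For the method rejection in both `homePage` and `lobbyPage`, 405 with an `Allow` header is the accurate status, e.g. `return HttpResponseNotAllowed(["POST"])` from `django.http` or the `@require_POST` decorator from `django.views.decorators.http` (the file's import block is outside the hunk, so either may need importing). Both views still call `request.session.save()` before any check, so rejected requests presumably still persist a session; moving the method check above that line would avoid it. The method test is not an access control, so `lobbyPage` still depends entirely on the `logged_in` session flag.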