Theme cookie tween: only affect GET requests

I was seeing some strange behavior from this tween on non-GET requests, where a huge number of Set-Cookie headers were being added. I'm not sure exactly what was causing this, but it's not necessary to do on non-GET requests anyway, so this should be safer.
6 years ago · 7c53b09816
1 changed files with 4 additions and 0 deletions
--- a/tildes/tildes/tweens.py
+++ b/tildes/tildes/tweens.py
@ -72,6 +72,10 @@ def theme_cookie_tween_factory(handler: Callable, registry: Registry) -> Callabl
        """Set the theme cookie if needed (currently always, see comment below)."""
        response = handler(request)

+        # only set the cookie on GET requests
+        if request.method.upper() != "GET":
+            return response
+
        current_theme = request.cookies.get("theme", "")
        if not current_theme and request.user:
            current_theme = request.user.theme_default