From 4a3e8561ab109f3f171726bc2a7ebac1f23b72a6 Mon Sep 17 00:00:00 2001
From: Simon Willison
Date: Wed, 23 Jun 2021 15:27:30 -0700
Subject: [PATCH] Default 405 for POST, plus tests
---
 datasette/views/base.py | 3 +++
 tests/test_html.py | 7 +++++++
 2 files changed, 10 insertions(+)
diff --git a/datasette/views/base.py b/datasette/views/base.py
index 1a03b97f..a87a0e77 100644
--- a/datasette/views/base.py
+++ b/datasette/views/base.py
@@ -106,6 +106,9 @@ class BaseView:
 async def options(self, request, *args, **kwargs):
 return Response.text("Method not allowed", status=405)
+ async def post(self, request, *args, **kwargs):
+ return Response.text("Method not allowed", status=405)
+
 async def put(self, request, *args, **kwargs):
 return Response.text("Method not allowed", status=405)
diff --git a/tests/test_html.py b/tests/test_html.py
index ccee8b7e..aee6bce1 100644
--- a/tests/test_html.py
+++ b/tests/test_html.py
@@ -92,6 +92,13 @@ def test_memory_database_page():
 assert response.status == 200
+def test_not_allowed_methods():
+ with make_app_client(memory=True) as client:
+ for method in ("post", "put", "patch", "delete"):
+ response = client.request(path="/_memory", method=method.upper())
+ assert response.status == 405
+
+
 def test_database_page_redirects_with_url_hash(app_client_with_hash):
 response = app_client_with_hash.get("/fixtures", allow_redirects=False)
 assert response.status == 302
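Review bot: The new `post` default returns 405 without an `Allow` header, which RFC 9110 requires on a 405 response so that clients can tell which methods the resource accepts; the neighbouring `options` and `put` defaults visible in this hunk have the same gap. `BaseView` cannot know statically which verbs a subclass overrides, so the value would have to be derived at dispatch time and passed along, e.g. `Response.text("Method not allowed", status=405, headers={"Allow": allowed})`, assuming `Response.text` takes a `headers` argument (its signature is not visible here). A short comment above the method, such as `# Default deny: a view that accepts POST must override this and perform its own permission checks`, would also make the intent explicit for subclass authors. The class body starts and ends outside the hunk.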
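Review bot: The loop in `test_not_allowed_methods` stops at the first failing verb and the bare `assert response.status == 405` does not say which method it was. Parametrizing reports one case per method, e.g. `@pytest.mark.parametrize("method", ("POST", "PUT", "PATCH", "DELETE"))`, assuming `pytest` is imported in this file (the hunk does not show the imports). The test also requests only `/_memory`, so it pins the default for that one view; because the deny lives on `BaseView`, adding a path served by a different view class would show that it holds across views rather than only for the database page.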