Presenter: checks $allowedMethods

src/Application/UI/Presenter.php

@@ -74,6 +74,9 @@ abstract class Presenter extends Control implements Application\IPresenter
 	/** @var bool  use absolute Urls or paths? */
 	public $absoluteUrls = false;
 
+	/** @var string[] */
+	public $allowedMethods = ['GET', 'POST', 'HEAD', 'PUT', 'DELETE'];
+
 	/** @var Nette\Application\Request|null */
 	private $request;
 
@@ -215,6 +218,7 @@ public function run(Application\Request $request): Application\Response
 		try {
 			// STARTUP
 			$this->checkRequirements(static::getReflection());
+			$this->checkHttpMethod();
 			Arrays::invoke($this->onStartup, $this);
 			$this->startup();
 			if (!$this->startupCheck) {
@@ -333,6 +337,17 @@ public function detectedCsrf(): void
 	}
 
 
+	protected function checkHttpMethod(): void
+	{
+		if ($this->allowedMethods &&
+			!in_array($method = $this->httpRequest->getMethod(), $this->allowedMethods, true)
+		) {
+			$this->httpResponse->setHeader('Allow', implode(',', $this->allowedMethods));
+			$this->error("Method $method is not allowed", Nette\Http\IResponse::S405_MethodNotAllowed);
+		}
+	}
+
+
 	/********************* signal handling ****************d*g**/