[FIX] website_slides: allow to use only in POST

This method only expects to be called as POST and should not be called
with GET.
This commit enforces that.

closes odoo#71554

X-original-commit: d8c1d9f
Signed-off-by: Martin Trigaux (mat) <[email protected]>

Author: sushiwushi

addons/website_slides/controllers/mail.py

@@ -27,7 +27,7 @@ def portal_chatter_post(self, res_model, res_id, message, **kw):
     @http.route([
         '/slides/mail/update_comment',
         '/mail/chatter_update',
-        ], type='http', auth="user")
+        ], type='http', auth="user", methods=['POST'])
     def mail_update_message(self, res_model, res_id, message, message_id, redirect=None, attachment_ids='', attachment_tokens='', **post):
         # keep this mechanism intern to slide currently (saas 12.5) as it is
         # considered experimental

addons/website_slides/controllers/main.py

@@ -991,7 +991,7 @@ def slide_category_search_read(self, fields, domain):
             'can_create': can_create,
         }
 
-    @http.route('/slides/category/add', type="http", website=True, auth="user")
+    @http.route('/slides/category/add', type="http", website=True, auth="user", methods=['POST'])
     def slide_category_add(self, channel_id, name):
         """ Adds a category to the specified channel. Slide is added at the end
         of slide list based on sequence. """