[FIX] website_slides: allow to use only in POST

This method only expects to be called as POST and should not be called
with GET.
This commit enforces that.

[CLA] Signature for sushiwushi

closes odoo#71575

X-original-commit: 00f2eee
Signed-off-by: Martin Trigaux (mat) <mat@odoo.com>

Author: fw-bot

addons/website_slides/controllers/mail.py

@@ -33,7 +33,7 @@ def portal_chatter_post(self, res_model, res_id, message, **kw):
     @http.route([
         '/slides/mail/update_comment',
         '/mail/chatter_update',
-        ], type='json', auth="user")
+        ], type='json', auth="user", methods=['POST'])
     def mail_update_message(self, res_model, res_id, message, message_id, attachment_ids=None, attachment_tokens=None, **post):
         # keep this mechanism intern to slide currently (saas 12.5) as it is
         # considered experimental

addons/website_slides/controllers/main.py

@@ -1031,7 +1031,7 @@ def slide_category_search_read(self, fields, domain):
             'can_create': can_create,
         }
 
-    @http.route('/slides/category/add', type="http", website=True, auth="user")
+    @http.route('/slides/category/add', type="http", website=True, auth="user", methods=['POST'])
     def slide_category_add(self, channel_id, name):
         """ Adds a category to the specified channel. Slide is added at the end
         of slide list based on sequence. """

doc/cla/individual/sushiwushi.md

@@ -0,0 +1,11 @@
+Malaysia, 2021-06-01
+
+I hereby agree to the terms of the Odoo Individual Contributor License
+Agreement v1.0.
+
+I declare that I am authorized and able to make this agreement and sign this
+declaration.
+
+Signed,
+
+iamsushi 45194995+sushiwushi@users.noreply.github.com https://github.com/sushiwushi