From 35077703a009cf66c984926bf50ec557bea37279 Mon Sep 17 00:00:00 2001
From: Sagar Vora <16315650+sagarvora@users.noreply.github.com>
Date: Fri, 21 Nov 2025 17:46:21 +0530
Subject: [PATCH] fix: only allow POST in some api/v2/ methods
---
 frappe/api/v2.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/frappe/api/v2.py b/frappe/api/v2.py
index 09d403541d..e44e2b533e 100644
--- a/frappe/api/v2.py
+++ b/frappe/api/v2.py
@@ -271,9 +271,9 @@ def run_doc_method(method: str, document: dict[str, Any] | str, kwargs=None):
 url_rules = [
 # RPC calls
 Rule("/method/login", endpoint=login),
- Rule("/method/logout", endpoint=logout),
+ Rule("/method/logout", endpoint=logout, methods=["POST"]),
 Rule("/method/ping", endpoint=frappe.ping),
- Rule("/method/upload_file", endpoint=upload_file),
+ Rule("/method/upload_file", endpoint=upload_file, methods=["POST"]),
 Rule("/method/", endpoint=handle_rpc_call),
 Rule(
 "/method/run_doc_method",
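Review bot: The new `methods=["POST"]` restrictions on `/method/logout` and `/method/upload_file` sit directly above the generic `Rule("/method/", endpoint=handle_rpc_call)` entry, which carries no `methods` argument, so whether a non-POST request is really refused depends on code outside this hunk. Werkzeug's matcher can go on to try other rules after a method mismatch, so a request that fails the POST-only rule may still be dispatched to `handle_rpc_call` if that rule's pattern also matches the path; please confirm that handler enforces the same verb restriction for these two functions. A regression test asserting that GET on both routes is rejected (405 or equivalent) would pin the intended behaviour. A short comment above the two rules, such as `# POST only: state-changing endpoints must not be reachable via GET`, would record why they differ from `login` and `ping`. The `url_rules` list continues past the end of the hunk.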