diff options
author | Roeland Jago Douma <roeland@famdouma.nl> | 2020-11-18 23:42:51 +0300 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2020-11-18 23:52:55 +0300 |
commit | ddca81d99cc1b32d114c4fc6ae68ac9b52ab5c9b (patch) | |
tree | 504c74528d8fc3f109b76234ffff0bd708779585 /appinfo | |
parent | 9fd07c820e2b22efc26887540027f85150d5cbea (diff) |
Move away from GET
We send some (not always sensitive but still) infor in the GET requests.
Better to do this with PUT (create session) and POST (fetch and close).
So that we don't leak anything we do not want to leak.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'appinfo')
-rw-r--r-- | appinfo/routes.php | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/appinfo/routes.php b/appinfo/routes.php index 167cd01dd..6935e0918 100644 --- a/appinfo/routes.php +++ b/appinfo/routes.php @@ -26,19 +26,19 @@ namespace OCA\Text\AppInfo; return [ 'routes' => [ - ['name' => 'Session#create', 'url' => '/session/create', 'verb' => 'GET'], - ['name' => 'Session#fetch', 'url' => '/session/fetch', 'verb' => 'GET'], + ['name' => 'Session#create', 'url' => '/session/create', 'verb' => 'PUT'], + ['name' => 'Session#fetch', 'url' => '/session/fetch', 'verb' => 'POST'], ['name' => 'Session#sync', 'url' => '/session/sync', 'verb' => 'POST'], ['name' => 'Session#push', 'url' => '/session/push', 'verb' => 'POST'], - ['name' => 'Session#close', 'url' => '/session/close', 'verb' => 'GET'], + ['name' => 'Session#close', 'url' => '/session/close', 'verb' => 'POST'], - ['name' => 'PublicSession#create', 'url' => '/public/session/create', 'verb' => 'GET'], + ['name' => 'PublicSession#create', 'url' => '/public/session/create', 'verb' => 'PUT'], ['name' => 'PublicSession#updateSession', 'url' => '/public/session', 'verb' => 'POST'], - ['name' => 'PublicSession#fetch', 'url' => '/public/session/fetch', 'verb' => 'GET'], + ['name' => 'PublicSession#fetch', 'url' => '/public/session/fetch', 'verb' => 'POST'], ['name' => 'PublicSession#sync', 'url' => '/public/session/sync', 'verb' => 'POST'], ['name' => 'PublicSession#push', 'url' => '/public/session/push', 'verb' => 'POST'], - ['name' => 'PublicSession#close', 'url' => '/public/session/close', 'verb' => 'GET'], + ['name' => 'PublicSession#close', 'url' => '/public/session/close', 'verb' => 'POST'], ['name' => 'Settings#updateConfig', 'url' => '/settings', 'verb' => 'POST'], ], |