diff options
author | Roeland Jago Douma <roeland@famdouma.nl> | 2020-11-18 23:42:51 +0300 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2020-11-18 23:52:55 +0300 |
commit | ddca81d99cc1b32d114c4fc6ae68ac9b52ab5c9b (patch) | |
tree | 504c74528d8fc3f109b76234ffff0bd708779585 /src | |
parent | 9fd07c820e2b22efc26887540027f85150d5cbea (diff) |
Move away from GET
We send some (not always sensitive but still) infor in the GET requests.
Better to do this with PUT (create session) and POST (fetch and close).
So that we don't leak anything we do not want to leak.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'src')
-rw-r--r-- | src/services/SyncService.js | 42 |
1 files changed, 17 insertions, 25 deletions
diff --git a/src/services/SyncService.js b/src/services/SyncService.js index 8ee1a0315..cb86f2021 100644 --- a/src/services/SyncService.js +++ b/src/services/SyncService.js @@ -135,27 +135,22 @@ class SyncService { } _openDocument({ fileId, filePath }) { - return axios.get(endpointUrl('session/create', !!this.options.shareToken), { - params: { - fileId, - filePath, - token: this.options.shareToken, - guestName: this.options.guestName, - forceRecreate: this.options.forceRecreate, - }, + return axios.put(endpointUrl('session/create', !!this.options.shareToken), { + fileId, + filePath, + token: this.options.shareToken, + guestName: this.options.guestName, + forceRecreate: this.options.forceRecreate, }) } _fetchDocument() { - return axios.get( + return axios.post( endpointUrl('session/fetch', !!this.options.shareToken), { - transformResponse: [(data) => data], - params: { - documentId: this.document.id, - sessionId: this.session.id, - sessionToken: this.session.token, - token: this.options.shareToken, - }, + documentId: this.document.id, + sessionId: this.session.id, + sessionToken: this.session.token, + token: this.options.shareToken, } ) } @@ -280,16 +275,13 @@ class SyncService { return Promise.resolve() } this.backend.disconnect() - return axios.get( + return axios.post( endpointUrl('session/close', !!this.options.shareToken), { - params: { - documentId: this.document.id, - sessionId: this.session.id, - sessionToken: this.session.token, - token: this.options.shareToken, - }, - } - ) + documentId: this.document.id, + sessionId: this.session.id, + sessionToken: this.session.token, + token: this.options.shareToken, + }) } on(event, callback, _this) { |