Skip to content

ViewStatusMessagesServlet requires method POST for button 'Clear'#971

Merged
ceki merged 1 commit intoqos-ch:masterfrom
rw7:ViewStatusMessagesServletPost
Sep 29, 2025
Merged

ViewStatusMessagesServlet requires method POST for button 'Clear'#971
ceki merged 1 commit intoqos-ch:masterfrom
rw7:ViewStatusMessagesServletPost

Conversation

@rw7
Copy link
Copy Markdown
Contributor

@rw7 rw7 commented Sep 24, 2025

The button 'Clear' has a side-effect and should not work with GET, as GET is considered a Safe Method not taking an action other than retrieval.

https://www.rfc-editor.org/rfc/rfc2616#section-9.1.1

I'd like to restrict users from doing any changes by restricting them to method GET. With that said one might consider this change as a security fix.

@rw7 rw7 force-pushed the ViewStatusMessagesServletPost branch from b949f64 to 5d2833d Compare September 24, 2025 14:14
@rw7
ViewStatusMessagesServlet requires method POST for button 'Clear'
d8430d3 
The button 'Clear' has a side-effect and should not work with GET,
as GET is considered a Safe Method not taking an action other than retrieval.

https://www.rfc-editor.org/rfc/rfc2616#section-9.1.1

I'd like to restrict users from doing any changes by restricting them to method GET.
With that said one might consider this change as a security fix.

Signed-off-by: Ralf Wiebicke <ralf.wiebicke@exedio.com>
@rw7 rw7 force-pushed the ViewStatusMessagesServletPost branch from 5d2833d to d8430d3 Compare September 24, 2025 14:17
@ceki ceki merged commit c76fed3 into qos-ch:master Sep 29, 2025
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rw7 @ceki