diff options
| author | Christoph Wurst <christoph@winzerhof-wurst.at> | 2017-04-24 11:02:07 +0200 |
|---|---|---|
| committer | Christoph Wurst <christoph@winzerhof-wurst.at> | 2017-04-25 20:47:18 +0200 |
| commit | 945420baaf1e06f1e6509013fc744c5aa67c89a3 (patch) | |
| tree | 8d166dbc46cc4ebdbb391f82c2e892e2e7c8bd70 | |
| parent | 5c29fb16c07a7a3730c19275779145b8bf617119 (diff) | |
| download | nextcloud-server-945420baaf1e06f1e6509013fc744c5aa67c89a3.tar.gz nextcloud-server-945420baaf1e06f1e6509013fc744c5aa67c89a3.zip | |
Use HTTP POST to retrieve the list of contacts
We do not want to have sensitive information in the URL and
therefore also not in the access log. Thus the GET request is
replaced by a POST request.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
| -rw-r--r-- | core/js/contactsmenu.js | 2 | ||||
| -rw-r--r-- | core/routes.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/core/js/contactsmenu.js b/core/js/contactsmenu.js index cad98c5d026..93d5c437197 100644 --- a/core/js/contactsmenu.js +++ b/core/js/contactsmenu.js @@ -476,7 +476,7 @@ _getContacts: function(searchTerm) { var url = OC.generateUrl('/contactsmenu/contacts'); return Promise.resolve($.ajax(url, { - method: 'GET', + method: 'POST', data: { filter: searchTerm } diff --git a/core/routes.php b/core/routes.php index 0e882c625fc..02556c3a50d 100644 --- a/core/routes.php +++ b/core/routes.php @@ -57,7 +57,7 @@ $application->registerRoutes($this, [ ['name' => 'Preview#getPreview', 'url' => '/core/preview.png', 'verb' => 'GET'], ['name' => 'Css#getCss', 'url' => '/css/{appName}/{fileName}', 'verb' => 'GET'], ['name' => 'Js#getJs', 'url' => '/js/{appName}/{fileName}', 'verb' => 'GET'], - ['name' => 'contactsMenu#index', 'url' => '/contactsmenu/contacts', 'verb' => 'GET'], + ['name' => 'contactsMenu#index', 'url' => '/contactsmenu/contacts', 'verb' => 'POST'], ], 'ocs' => [ ['root' => '/cloud', 'name' => 'OCS#getCapabilities', 'url' => '/capabilities', 'verb' => 'GET'], |