[
https://issues.apache.org/jira/browse/FINERACT-1423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Petri Tuomola updated FINERACT-1423:
------------------------------------
Description:
If you access any API using method POST / PUT / DELETE but with http (not
HTTPS), Fineract responds as if you had done a GET.
So PUT /fineract-provider/api/v1/offices/2 is actually actioned as GET
/fineract-provider/api/v1/offices/2 when done with http
If you change to https, everything works well.
This means that HTTP endpoint is pretty much dead for all practical purposes.
To avoid confusion, my suggestion would be that we disable this and just reject
any call to HTTP, rather than responding with the incorrect response. HTTP is
anyway insecure and should not be used.
> http (i.e. non-SSL) only responds with GET to any requests (POST / PUT /
> DELETE)
> --------------------------------------------------------------------------------
>
> Key: FINERACT-1423
> URL: https://issues.apache.org/jira/browse/FINERACT-1423
> Project: Apache Fineract
> Issue Type: Bug
> Affects Versions: 1.5.0
> Reporter: Petri Tuomola
> Assignee: Petri Tuomola
> Priority: Major
>
> If you access any API using method POST / PUT / DELETE but with http (not
> HTTPS), Fineract responds as if you had done a GET.
> So PUT /fineract-provider/api/v1/offices/2 is actually actioned as GET
> /fineract-provider/api/v1/offices/2 when done with http
> If you change to https, everything works well.
> This means that HTTP endpoint is pretty much dead for all practical purposes.
> To avoid confusion, my suggestion would be that we disable this and just
> reject any call to HTTP, rather than responding with the incorrect response.
> HTTP is anyway insecure and should not be used.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
