Jan Schlicht created MESOS-5346:
-----------------------------------
Summary: Some endpoints do not specify their allowed request methods.
Key: MESOS-5346
URL: https://issues.apache.org/jira/browse/MESOS-5346
Project: Mesos
Issue Type: Bug
Components: security, technical debt
Reporter: Jan Schlicht

Some HTTP endpoints (for example "/flags" or "/state") create a response
regardless of what the request method is. For example, an HTTP POST to the
"/state" endpoint will create the same response as an HTTP GET.

While this inconsistency isn't harmful at the moment, it will get problematic
when authorization is implemented, using separate ACLs for endpoints that can
be GETed and endpoints that can be POSTed to.

Validation of the request method should be added to all endpoints, e.g.
"/state" should return a 405 (Method Not Allowed) when POSTed to.
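
Added example (not part of the original issue and not Mesos or libprocess code): a self-contained model of the check the issue asks for, showing why method validation has to run before a per-method ACL decision. The Request/Response types, the principals, the ACL contents and the "/hypothetical-write" endpoint are assumptions made for illustration.

```cpp
// Added example: self-contained model, not Mesos/libprocess code.
#include <iostream>
#include <map>
#include <set>
#include <string>

struct Request { std::string method, path, principal; };
struct Response { int status; std::string allow; };  // allow = "Allow" header value

// Methods each endpoint accepts ("/hypothetical-write" is a made-up write endpoint).
static const std::map<std::string, std::set<std::string>> kAllowed = {
  {"/state", {"GET"}}, {"/flags", {"GET"}}, {"/hypothetical-write", {"POST"}}};

// Assumed ACL model: one principal list per request method.
static const std::map<std::string, std::set<std::string>> kAcl = {
  {"GET", {"operator"}}, {"POST", {"operator", "framework"}}};

static bool authorized(const Request& r) {
  auto it = kAcl.find(r.method);
  return it != kAcl.end() && it->second.count(r.principal) > 0;
}

// Behaviour described in the issue: the endpoint answers any method, so the
// method only selects which ACL is consulted.
Response handleUnvalidated(const Request& r) {
  if (kAllowed.find(r.path) == kAllowed.end()) return {404, ""};
  if (!authorized(r)) return {403, ""};
  return {200, ""};
}

// Requested behaviour: unsupported methods get 405 before any ACL lookup.
Response handleValidated(const Request& r) {
  auto ep = kAllowed.find(r.path);
  if (ep == kAllowed.end()) return {404, ""};
  if (ep->second.count(r.method) == 0) {
    std::string allow;
    for (const auto& m : ep->second) allow += (allow.empty() ? "" : ", ") + m;
    return {405, allow};
  }
  if (!authorized(r)) return {403, ""};
  return {200, ""};
}

int main() {
  Request probe{"POST", "/state", "framework"};  // constructed request
  std::cout << handleUnvalidated(probe).status << " vs "
            << handleValidated(probe).status << "\n";
}
```

A 405 response carries an Allow header listing the supported methods (RFC 7231), which is why the validated handler returns that list alongside the status.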