Hi all,

This only affects a small proportion of tarsnap users, but a couple people
have tripped over it already so I thought I should send out a heads-up email
just in case.

If you have code which automatically fetches /manage.cgi with your login
credentials, you may need to update it.  Requests which do not have an
"action" specified will now receive an HTTP 302 redirect to a GET; if your
code does not follow redirects or discards cookies between requests then it
will fail.

Logging in using a web browser is not affected, since web browsers should
handle the redirect and cookies properly.  Requests which have an "action"
parameter (e.g., to download usage records in CSV format) are also not
affected.  I believe the most common affected use case is for scraping the
account balance from the interface.

(The reason for this change was so that web browsers will keep a GET in their
history rather than a POSTed form.)

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
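
The behaviour described in this message, as an added example that is not part of the original email and not Tarsnap's code: a client that follows the 302 and keeps cookies gets the account page, while one that discards cookies does not. The local mock server, the `session` cookie, the `address`/`password` field names, the `csv` action value and the response bodies are all constructed assumptions.

```python
import threading
import urllib.parse
import urllib.request
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, HTTPServer

class MockManage(BaseHTTPRequestHandler):
    """Constructed local stand-in for /manage.cgi; cookie and field names are hypothetical."""
    def log_message(self, *args): pass  # keep the demo quiet

    def do_POST(self):
        length = int(self.headers["Content-Length"])
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        if "action" in form:  # requests with an "action" are answered directly
            self._reply(b"date,usage\n")
            return
        self.send_response(302)  # no "action": redirect the client to a GET
        self.send_header("Set-Cookie", "session=constructed-token; Path=/")
        self.send_header("Location", "/manage.cgi")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_GET(self):
        logged_in = "session=constructed-token" in self.headers.get("Cookie", "")
        self._reply(b"balance: 12.34" if logged_in else b"please log in")

    def _reply(self, body):
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def fetch(base_url, keep_cookies, action=None):
    """POST the login form and return the body of the final response."""
    fields = {"address": "user@example.com", "password": "constructed"}
    if action:
        fields["action"] = action
    # Without a cookie processor, the cookie set on the 302 is dropped before the GET.
    handlers = [urllib.request.HTTPCookieProcessor(CookieJar())] if keep_cookies else []
    opener = urllib.request.build_opener(*handlers)  # urllib follows the 302 by default
    data = urllib.parse.urlencode(fields).encode()
    with opener.open(base_url + "/manage.cgi", data, timeout=5) as resp:
        return resp.read().decode()

def demo():
    server = HTTPServer(("127.0.0.1", 0), MockManage)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    try:  # (cookies kept, cookies discarded, request with an action)
        return fetch(base, True), fetch(base, False), fetch(base, True, action="csv")
    finally:
        server.shutdown()
```
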
