[jira] [Commented] (CLOUDSTACK-8505) Don't allow non-POST http requests on default login request

Pierre-Luc Dion (JIRA) Wed, 03 Jun 2015 18:30:13 -0700

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-8505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14571949#comment-14571949
 ]


Pierre-Luc Dion commented on CLOUDSTACK-8505:
---------------------------------------------

[~bhaisaab] : any reason to remove GET from login request ?  What is the point 
of forcing POST if username/password are still param that can be sent in the 
URL and not the POST data? 

Thanks for the clarification because it is breaking automation.


> Don't allow non-POST http requests on default login request
> -----------------------------------------------------------
>
>                 Key: CLOUDSTACK-8505
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8505
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>             Fix For: 4.6.0, 4.5.2
>
>
> Disallow requests that are not POST requests.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (CLOUDSTACK-8505) Don't allow non-POST http requests on default login request

Reply via email to