[
https://issues.apache.org/jira/browse/FINERACT-1423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Petri Tuomola reassigned FINERACT-1423:
---------------------------------------
Assignee: (was: Petri Tuomola)
> http (i.e. non-SSL) only responds with GET to any requests (POST / PUT /
> DELETE)
> --------------------------------------------------------------------------------
>
> Key: FINERACT-1423
> URL: https://issues.apache.org/jira/browse/FINERACT-1423
> Project: Apache Fineract
> Issue Type: Bug
> Affects Versions: 1.5.0
> Reporter: Petri Tuomola
> Priority: Major
>
> If you access any API using method POST / PUT / DELETE but with http (not
> HTTPS), Fineract responds as if you had done a GET.
> So PUT /fineract-provider/api/v1/offices/2 is actually actioned as GET
> /fineract-provider/api/v1/offices/2 when done with http
> If you change to https, everything works well.
> This means that HTTP endpoint is pretty much dead for all practical purposes.
> To avoid confusion, my suggestion would be that we disable this and just
> reject any call to HTTP, rather than responding with the incorrect response.
> HTTP is anyway insecure and should not be used.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
