[ https://issues.apache.org/jira/browse/FINERACT-1423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Petri Tuomola resolved FINERACT-1423. ------------------------------------- Resolution: Won't Fix I think this works as expected. If you go for a http request, it forwards you to https. However forward is only a HTTP GET, so therefore whatever method you called, it gets translated to GET. The only options we would have is: * Disable HTTP altogether (i.e. don't even do a forward) * Allow HTTP for all verbs But I don't think either of those would be much better than what we have today. > http (i.e. non-SSL) only responds with GET to any requests (POST / PUT / > DELETE) > -------------------------------------------------------------------------------- > > Key: FINERACT-1423 > URL: https://issues.apache.org/jira/browse/FINERACT-1423 > Project: Apache Fineract > Issue Type: Bug > Affects Versions: 1.5.0 > Reporter: Petri Tuomola > Assignee: Petri Tuomola > Priority: Major > > If you access any API using method POST / PUT / DELETE but with http (not > HTTPS), Fineract responds as if you had done a GET. > So PUT /fineract-provider/api/v1/offices/2 is actually actioned as GET > /fineract-provider/api/v1/offices/2 when done with http > If you change to https, everything works well. > This means that HTTP endpoint is pretty much dead for all practical purposes. > To avoid confusion, my suggestion would be that we disable this and just > reject any call to HTTP, rather than responding with the incorrect response. > HTTP is anyway insecure and should not be used. > -- This message was sent by Atlassian Jira (v8.20.1#820001)