[
https://issues.apache.org/jira/browse/FINERACT-1423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Petri Tuomola resolved FINERACT-1423.
-------------------------------------
Resolution: Won't Fix
I think this works as expected. If you go for a http request, it forwards you
to https. However forward is only a HTTP GET, so therefore whatever method you
called, it gets translated to GET.
The only options we would have is:
* Disable HTTP altogether (i.e. don't even do a forward)
* Allow HTTP for all verbs
But I don't think either of those would be much better than what we have today.
> http (i.e. non-SSL) only responds with GET to any requests (POST / PUT /
> DELETE)
> --------------------------------------------------------------------------------
>
> Key: FINERACT-1423
> URL: https://issues.apache.org/jira/browse/FINERACT-1423
> Project: Apache Fineract
> Issue Type: Bug
> Affects Versions: 1.5.0
> Reporter: Petri Tuomola
> Assignee: Petri Tuomola
> Priority: Major
>
> If you access any API using method POST / PUT / DELETE but with http (not
> HTTPS), Fineract responds as if you had done a GET.
> So PUT /fineract-provider/api/v1/offices/2 is actually actioned as GET
> /fineract-provider/api/v1/offices/2 when done with http
> If you change to https, everything works well.
> This means that HTTP endpoint is pretty much dead for all practical purposes.
> To avoid confusion, my suggestion would be that we disable this and just
> reject any call to HTTP, rather than responding with the incorrect response.
> HTTP is anyway insecure and should not be used.
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
