You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@fineract.apache.org by "Petri Tuomola (Jira)" <ji...@apache.org> on 2021/11/06 03:16:00 UTC

[jira] [Assigned] (FINERACT-1423) http (i.e. non-SSL) only responds with GET to any requests (POST / PUT / DELETE)

     [ https://issues.apache.org/jira/browse/FINERACT-1423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Petri Tuomola reassigned FINERACT-1423:
---------------------------------------

    Assignee:     (was: Petri Tuomola)

> http (i.e. non-SSL) only responds with GET to any requests (POST / PUT / DELETE)
> --------------------------------------------------------------------------------
>
>                 Key: FINERACT-1423
>                 URL: https://issues.apache.org/jira/browse/FINERACT-1423
>             Project: Apache Fineract
>          Issue Type: Bug
>    Affects Versions: 1.5.0
>            Reporter: Petri Tuomola
>            Priority: Major
>
> If you access any API using method POST / PUT / DELETE but with http (not HTTPS), Fineract responds as if you had done a GET.
> So PUT /fineract-provider/api/v1/offices/2 is actually actioned as GET /fineract-provider/api/v1/offices/2 when done with http
> If you change to https, everything works well. 
> This means that HTTP endpoint is pretty much dead for all practical purposes. To avoid confusion, my suggestion would be that we disable this and just reject any call to HTTP, rather than responding with the incorrect response. HTTP is anyway insecure and should not be used.  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)