You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@fineract.apache.org by "Petri Tuomola (Jira)" <ji...@apache.org> on 2021/11/06 03:17:00 UTC
[jira] [Commented] (FINERACT-1423) http (i.e. non-SSL) only
responds with GET to any requests (POST / PUT / DELETE)
[ https://issues.apache.org/jira/browse/FINERACT-1423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17439587#comment-17439587 ]
Petri Tuomola commented on FINERACT-1423:
-----------------------------------------
This is because of the redirect to HTTPS, which does not seem to retain the HTTP method.
Either we should fix this, or disable HTTP altogether.
> http (i.e. non-SSL) only responds with GET to any requests (POST / PUT / DELETE)
> --------------------------------------------------------------------------------
>
> Key: FINERACT-1423
> URL: https://issues.apache.org/jira/browse/FINERACT-1423
> Project: Apache Fineract
> Issue Type: Bug
> Affects Versions: 1.5.0
> Reporter: Petri Tuomola
> Priority: Major
>
> If you access any API using method POST / PUT / DELETE but with http (not HTTPS), Fineract responds as if you had done a GET.
> So PUT /fineract-provider/api/v1/offices/2 is actually actioned as GET /fineract-provider/api/v1/offices/2 when done with http
> If you change to https, everything works well.
> This means that HTTP endpoint is pretty much dead for all practical purposes. To avoid confusion, my suggestion would be that we disable this and just reject any call to HTTP, rather than responding with the incorrect response. HTTP is anyway insecure and should not be used.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)