Do not allow GET, PATCH, and DELETE via JSON:API

Open on Drupal.org →

Created on 30 March 2024, 10 months ago

Updated 13 April 2024, 9 months ago

Problem/Motivation

Log data should not be inadvertently exposed or modified, so out of an abundance of caution, only POST should work from JSON:API.

The REST service already only has POST available, so this should make JSON:API consistent with REST.

📌 Task

Status

Fixed

Version

1.0

Component

Code

Created by

🇯🇵Japan ptmkenny

Live updates comments and jobs are added and updated live.

Sign in to follow issues

Merge Requests

!2Do not allow GET, PATCH, and DELETE via JSON:API
Merged
🇯🇵Japan ptmkenny
updated 10 months ago

Comments & Activities

Issue created by @ptmkenny
Merge request !2Do not allow GET, PATCH, or DELETE via JSON:API → (Merged) created by ptmkenny
Comment 10 months ago →
🇯🇵Japan ptmkenny
Pipeline finished with Skipped
10 months ago
#132988

Comment 10 months ago →

ptmkenny → committed a596895b on 1.0.x

Issue #3437089 by ptmkenny: Do not allow GET, PATCH, and DELETE via JSON...

Status changed to Fixed 10 months ago2:35am 30 March 2024
Comment 10 months ago →
🇯🇵Japan ptmkenny
Comment 9 months ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024