[change] api - Updated unsafe requests to use POST instead of GET#1861
[change] api - Updated unsafe requests to use POST instead of GET#1861
Conversation
…acuum, /database/cleanup, and /database/reset_plugin use POST instead of GET
|
This is a good idea. I wonder though if we should move the action to the payload of the request instead of being in the url itself. Something like |
|
I kind of like that too. We could combine the endpoints that way. Do you have a suggestion for the combined endpoint name? We could just do |
|
I think i like |
flexget/api/core/database.py
Outdated
| session.execute('VACUUM') | ||
| session.commit() | ||
| msg = 'DB VACUUM finished' | ||
| elif operation == 'list_plugins': |
There was a problem hiding this comment.
I think list_plugins should still be a GET request. It's idempotent and semantically that makes more sense.
|
Sorry I haven't gotten around to doing the other endpoint yet...I'll try to get to it soon. |
|
You mean the server endpoint? I've been meaning to do that, been super busy... |
…ub.com/Flexget/Flexget into change_request_methods # Conflicts: # flexget/api/core/database.py
|
I went with |
|
Alright I think this is good to go now. 👍 |
|
Actually I think we missed one, |
|
That one might more sense as a |
|
Awesome, thank for this change! |
Motivation for changes:
So currently a bunch of unsafe requests are using
GETinstead ofPOST. Because all modern browsers support prefetching, it's not wise to useGETrequests for things that do any sort of modification server side.Detailed changes:
/logout,/server/reload,/server/shutdown,/database/vacuum,/database/cleanup, and/database/reset_pluginto usePOSTinstead ofGET