Use HTTP POST to retrieve the list of contacts

We do not want to have sensitive information in the URL and therefore also not in the access log. Thus the GET request is replaced by a POST request. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago · 945420baaf
parent 5c29fb16c0
commit 945420baaf
2 changed files with 2 additions and 2 deletions
--- a/core/js/contactsmenu.js
+++ b/core/js/contactsmenu.js
@ -476,7 +476,7 @@
 		_getContacts: function(searchTerm) {
 			var url = OC.generateUrl('/contactsmenu/contacts');
 			return Promise.resolve($.ajax(url, {
-				method: 'GET',
+				method: 'POST',
 				data: {
 					filter: searchTerm
 				}
--- a/core/routes.php
+++ b/core/routes.php
@ -57,7 +57,7 @@ $application->registerRoutes($this, [
 		['name' => 'Preview#getPreview', 'url' => '/core/preview.png', 'verb' => 'GET'],
 		['name' => 'Css#getCss', 'url' => '/css/{appName}/{fileName}', 'verb' => 'GET'],
 		['name' => 'Js#getJs', 'url' => '/js/{appName}/{fileName}', 'verb' => 'GET'],
-		['name' => 'contactsMenu#index', 'url' => '/contactsmenu/contacts', 'verb' => 'GET'],
+		['name' => 'contactsMenu#index', 'url' => '/contactsmenu/contacts', 'verb' => 'POST'],
 	],
 	'ocs' => [
 		['root' => '/cloud', 'name' => 'OCS#getCapabilities', 'url' => '/capabilities', 'verb' => 'GET'],