NetTalk Central

Author Topic: Disabling GET requests  (Read 3492 times)

Koen Tjoa

  • Jr. Member
  • **
  • Posts: 68
    • View Profile
    • Email
Disabling GET requests
« on: December 20, 2016, 07:28:36 AM »

Hi all,

Standard NetTalk allows to use the GET method in every service method.  So this can also be done WebServiceMethods with password and tokens as parameter. However I would like not to “reward” the user when he is using GET for sending passwords.

Is there some setting which disables the GET method?

Cheers,
Koen

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11250
    • View Profile
Re: Disabling GET requests
« Reply #1 on: December 22, 2016, 05:41:45 AM »
Hi Koen,

I'm not sure disabling GET would be an ideal approach.

GET is a big part of REST, if the user is using the HTTP Verb to indicate the action they want to do.

Plus it's possible to use GET with an authorization header, or with a cookie, both of which would be very much ok - and in some cases probably required.

So sure, it would be nice to detect, and prevent the login and password being part of the URL, but there's no easy way I can think of offhand to do that, and still keep the general "correctness" of the API - especially as you are making a REST API.

Cheers
Bruce

Koen Tjoa

  • Jr. Member
  • **
  • Posts: 68
    • View Profile
    • Email
Re: Disabling GET requests
« Reply #2 on: December 22, 2016, 07:32:20 AM »
Hi Bruce,

I didn’t realize that GET is also a part of REST so it obvious that disabling GET isn’t a good idea.
 Thanks, for clarifying.

Cheers,
Koen