Restrict more WebAPI endpoints to POST method only

2 years ago · d6c92704a1
1 changed files with 54 additions and 2 deletions
--- a/src/webui/webapplication.h
+++ b/src/webui/webapplication.h
@ -141,16 +141,68 @@ private:
				@@ -141,16 +141,68 @@ private:
    const QHash<std::pair<QString, QString>, QString> m_allowedMethod =
    {
        // <<controller name, action name>, HTTP method>
-        // TODO: this list is incomplete
        {{u"app"_qs, u"setPreferences"_qs}, Http::METHOD_POST},
        {{u"app"_qs, u"shutdown"_qs}, Http::METHOD_POST},
        {{u"auth"_qs, u"login"_qs}, Http::METHOD_POST},
        {{u"auth"_qs, u"logout"_qs}, Http::METHOD_POST},
        {{u"rss"_qs, u"addFeed"_qs}, Http::METHOD_POST},
+        {{u"rss"_qs, u"addFolder"_qs}, Http::METHOD_POST},
+        {{u"rss"_qs, u"markAsRead"_qs}, Http::METHOD_POST},
+        {{u"rss"_qs, u"moveItem"_qs}, Http::METHOD_POST},
+        {{u"rss"_qs, u"refreshItem"_qs}, Http::METHOD_POST},
+        {{u"rss"_qs, u"removeItem"_qs}, Http::METHOD_POST},
+        {{u"rss"_qs, u"removeRule"_qs}, Http::METHOD_POST},
+        {{u"rss"_qs, u"renameRule"_qs}, Http::METHOD_POST},
+        {{u"rss"_qs, u"setRule"_qs}, Http::METHOD_POST},
+        {{u"search"_qs, u"delete"_qs}, Http::METHOD_POST},
+        {{u"search"_qs, u"enablePlugin"_qs}, Http::METHOD_POST},
        {{u"search"_qs, u"installPlugin"_qs}, Http::METHOD_POST},
+        {{u"search"_qs, u"start"_qs}, Http::METHOD_POST},
+        {{u"search"_qs, u"stop"_qs}, Http::METHOD_POST},
+        {{u"search"_qs, u"uninstallPlugin"_qs}, Http::METHOD_POST},
+        {{u"search"_qs, u"updatePlugins"_qs}, Http::METHOD_POST},
        {{u"torrents"_qs, u"add"_qs}, Http::METHOD_POST},
        {{u"torrents"_qs, u"addPeers"_qs}, Http::METHOD_POST},
-        {{u"torrents"_qs, u"addTrackers"_qs}, Http::METHOD_POST}
+        {{u"torrents"_qs, u"addTags"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"addTrackers"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"bottomPrio"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"createCategory"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"createTags"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"decreasePrio"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"delete"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"deleteTags"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"editCategory"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"editTracker"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"filePrio"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"increasePrio"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"pause"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"reannounce"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"recheck"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"removeCategories"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"removeTags"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"removeTrackers"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"rename"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"renameFile"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"renameFolder"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"resume"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"setAutoManagement"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"setCategory"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"setDownloadLimit"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"setDownloadPath"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"setForceStart"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"setLocation"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"setSavePath"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"setShareLimits"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"setSuperSeeding"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"setUploadLimit"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"toggleFirstLastPiecePrio"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"toggleSequentialDownload"_qs}, Http::METHOD_POST},
+        {{u"torrents"_qs, u"topPrio"_qs}, Http::METHOD_POST},
+        {{u"transfer"_qs, u"banPeers"_qs}, Http::METHOD_POST},
+        {{u"transfer"_qs, u"setDownloadLimit"_qs}, Http::METHOD_POST},
+        {{u"transfer"_qs, u"setSpeedLimitsMode"_qs}, Http::METHOD_POST},
+        {{u"transfer"_qs, u"setUploadLimit"_qs}, Http::METHOD_POST},
+        {{u"transfer"_qs, u"toggleSpeedLimitsMode"_qs}, Http::METHOD_POST},
    };
    bool m_isAltUIUsed = false;
    Path m_rootFolder;