extensionDownloader: Use POST request for checking updateswip/ykonotopov/update-check-post

Usage of GET requests for checking updates was made deprecated
at website some time ago [1], but REST endpoint was
CSRF-protected until recently [2].
The body of update request may be big enough and thus does not
suitable for GET requests.

[1] https://gitlab.gnome.org/Infrastructure/extensions-web/-/commit/0b38da1b2b440db1b4eb767cff74acf8f8de18e0
[2] https://gitlab.gnome.org/Infrastructure/extensions-web/-/commit/e3ab0c07dce4d58b33b30700ec1ea7aa2e3b4230

1 files changed, 10 insertions, 3 deletions

diff --git a/js/ui/extensionDownloader.js b/js/ui/extensionDownloader.js
index a7b40f973..a29412f5c 100644
--- a/js/ui/extensionDownloader.js
+++ b/js/ui/extensionDownloader.js
@@ -151,12 +151,19 @@ function checkForUpdates() {
         'disable-extension-version-validation');
     let params = {
         shell_version: Config.PACKAGE_VERSION,
-        installed: JSON.stringify(metadatas),
         disable_version_validation: versionCheck.toString(),
     };
 
-    let url = REPOSITORY_URL_UPDATE;
-    let message = Soup.form_request_new_from_hash('GET', url, params);
+    let uri = Soup.URI.new(REPOSITORY_URL_UPDATE);
+    uri.set_query_from_form(params);
+
+    let message = Soup.Message.new_from_uri('POST', uri);
+    message.set_request(
+        'application/json',
+        Soup.MemoryUse.COPY,
+        JSON.stringify(metadatas)
+    );
+
     _httpSession.queue_message(message, () => {
         if (message.status_code != Soup.KnownStatusCode.OK)
             return;