diff options
author | Yuri Konotopov <ykonotopov@gnome.org> | 2021-03-29 22:42:42 +0400 |
---|---|---|
committer | Yuri Konotopov <ykonotopov@gnome.org> | 2021-03-29 23:11:33 +0400 |
commit | 5292bdb6e31ad0630ba65469cbb5f6ddcd5917d3 (patch) | |
tree | a2f3a8c6027bc10898f9cd7e30d5d4bf745fa8c9 | |
parent | f563424417c2c77c8483efb795da48b43ab30abb (diff) | |
download | gnome-shell-wip/ykonotopov/update-check-post.tar.gz |
extensionDownloader: Use POST request for checking updateswip/ykonotopov/update-check-post
Usage of GET requests for checking updates was made deprecated
at website some time ago [1], but REST endpoint was
CSRF-protected until recently [2].
The body of update request may be big enough and thus does not
suitable for GET requests.
[1] https://gitlab.gnome.org/Infrastructure/extensions-web/-/commit/0b38da1b2b440db1b4eb767cff74acf8f8de18e0
[2] https://gitlab.gnome.org/Infrastructure/extensions-web/-/commit/e3ab0c07dce4d58b33b30700ec1ea7aa2e3b4230
-rw-r--r-- | js/ui/extensionDownloader.js | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/js/ui/extensionDownloader.js b/js/ui/extensionDownloader.js index a7b40f973..a29412f5c 100644 --- a/js/ui/extensionDownloader.js +++ b/js/ui/extensionDownloader.js @@ -151,12 +151,19 @@ function checkForUpdates() { 'disable-extension-version-validation'); let params = { shell_version: Config.PACKAGE_VERSION, - installed: JSON.stringify(metadatas), disable_version_validation: versionCheck.toString(), }; - let url = REPOSITORY_URL_UPDATE; - let message = Soup.form_request_new_from_hash('GET', url, params); + let uri = Soup.URI.new(REPOSITORY_URL_UPDATE); + uri.set_query_from_form(params); + + let message = Soup.Message.new_from_uri('POST', uri); + message.set_request( + 'application/json', + Soup.MemoryUse.COPY, + JSON.stringify(metadatas) + ); + _httpSession.queue_message(message, () => { if (message.status_code != Soup.KnownStatusCode.OK) return; |