GNOME.org
 

[gnome-shell/wip/ykonotopov/update-check-post] extensionDownloader: use POST request for checking updates


commit 13f42a2afee96c2a0fc91268f68752757a2798e8
Author: Yuri Konotopov <ykonotopov gnome org>
Date:   Mon Mar 29 22:42:42 2021 +0400

    extensionDownloader: use POST request for checking updates
    
    Usage of GET requests for checking updates was made deprecated
    at website some time ago [1], but REST endpoint was
    CSRF-protected until recently [2].
    The body of update request may be big enough and thus does not
    suitable for GET requests.
    
    [1] 
https://gitlab.gnome.org/Infrastructure/extensions-web/-/commit/0b38da1b2b440db1b4eb767cff74acf8f8de18e0
    [2] 
https://gitlab.gnome.org/Infrastructure/extensions-web/-/commit/e3ab0c07dce4d58b33b30700ec1ea7aa2e3b4230

 js/ui/extensionDownloader.js | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
---
diff --git a/js/ui/extensionDownloader.js b/js/ui/extensionDownloader.js
index a7b40f9735..a29412f5ce 100644
--- a/js/ui/extensionDownloader.js
+++ b/js/ui/extensionDownloader.js
@@ -151,12 +151,19 @@ function checkForUpdates() {
         'disable-extension-version-validation');
     let params = {
         shell_version: Config.PACKAGE_VERSION,
-        installed: JSON.stringify(metadatas),
         disable_version_validation: versionCheck.toString(),
     };
 
-    let url = REPOSITORY_URL_UPDATE;
-    let message = Soup.form_request_new_from_hash('GET', url, params);
+    let uri = Soup.URI.new(REPOSITORY_URL_UPDATE);
+    uri.set_query_from_form(params);
+
+    let message = Soup.Message.new_from_uri('POST', uri);
+    message.set_request(
+        'application/json',
+        Soup.MemoryUse.COPY,
+        JSON.stringify(metadatas)
+    );
+
     _httpSession.queue_message(message, () => {
         if (message.status_code != Soup.KnownStatusCode.OK)
             return;
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]