CASE PM-59522-19-201674:
Adjustments were made to several requests from the Client API Settings service to fix vulnerabilities related to cross-site request forgery (CSRF). These changes include:
- Verb type (from POST to GET).
- Changes in the signing of service requests.
Detail of the Changes
| Previous Request | Type of Consumption | Updated Petition | New Consumption Rate |
|---|---|---|---|
| {URL Api Client}/WebServices/settings.asmx/GetDefaultSettings | POST | {URL Api Client}/api/settings/GetDefaultSettings | GET |
| {Url Client API}/WebServices/settings.asmx/GetCustomerUrl | POST | {Url Api Client}/api/settings/GetCustomerUrl | GET |
| {URL Client API}/WebServices/settings.asmx/GetDefaultProvider | POST | {URL Api Client}/api/settings/GetDefaultProvider | GET |
| {Url Client API}/WebServices/settings.asmx/GetDetailServiceUrl | POST | {Url Api Client}/api/settings/GetDetailServiceUrl | GET |
| {URL API Client}/WebServices/settings.asmx/GetNews | POST | {url api client}/api/settings/GetNews | GET |
| {URL Api Client}/WebServices/settings.asmx/GetWindowsUserIdentity | POST | {URL Api Client}/api/settings/GetWindowsUserIdentity | GET |
| {URL Api Client}/WebServices/settings.asmx/GetSettingsByProject | POST | {URL Api Client}/api/settings/GetSettingsByProject | POST |
| {Url Api Client}/WebServices/settings.asmx/GetApiUrl | POST | {Url Api Client}/api/settings/GetApiUrl | POST |