[jira] [Updated] (KUDU-3625) Implement HTTP Method Error Handling for Non-GET Requests on Web UI Paths

Thu, 14 Nov 2024 04:38:09 -0800 


     [ 
https://issues.apache.org/jira/browse/KUDU-3625?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Gabriella Lotz updated KUDU-3625:
---------------------------------
    Description: 
Currently, the web server UI pages ("/", "/tables" etc.) return a 200 OK 
response regardless of the HTTP method used. However, these pages should only 
accept GET requests. Other HTTP methods (e.g., POST, PUT, DELETE) should return 
a 405 Method Not Allowed response to avoid unintended interactions.

Example on google.com a POST request returns this error:
{code:java}
405. That's an error. The request method POST is inappropriate for the URL /. 
That's all we know.{code}
Similarly, an appropriate 405 Method Not Allowed response should be returned 
for non-GET requests on the web UI pages.

  was:
Currently, the web server UI pages ({{{}"/"{}}}, "{{{}/tables"{}}}, etc.) 
return a 200 OK response regardless of the HTTP method used. However, these 
pages should only accept GET requests. Other HTTP methods (e.g., POST, PUT, 
DELETE) should return a 405 Method Not Allowed response to avoid unintended 
interactions.

Example on google.com a POST request returns this error:
{code:java}
405. That's an error. The request method POST is inappropriate for the URL /. 
That's all we know.{code}
Similarly, an appropriate 405 Method Not Allowed response should be returned 
for non-GET requests on the web UI pages.


> Implement HTTP Method Error Handling for Non-GET Requests on Web UI Paths
> -------------------------------------------------------------------------
>
>                 Key: KUDU-3625
>                 URL: https://issues.apache.org/jira/browse/KUDU-3625
>             Project: Kudu
>          Issue Type: Bug
>            Reporter: Gabriella Lotz
>            Priority: Major
>
> Currently, the web server UI pages ("/", "/tables" etc.) return a 200 OK 
> response regardless of the HTTP method used. However, these pages should only 
> accept GET requests. Other HTTP methods (e.g., POST, PUT, DELETE) should 
> return a 405 Method Not Allowed response to avoid unintended interactions.
> Example on google.com a POST request returns this error:
> {code:java}
> 405. That's an error. The request method POST is inappropriate for the URL /. 
> That's all we know.{code}
> Similarly, an appropriate 405 Method Not Allowed response should be returned 
> for non-GET requests on the web UI pages.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to