Louvorg/ReaderForSelfoss-multiplatform
Louvorg/ReaderForSelfoss-multiplatform
3
2
Fork 2
Code Issues 6 Pull Requests 2 Actions Releases 83 Wiki Activity

Remove login information from update request
All checks were successful
Check PR code / translations (pull_request) Successful in 30s
Details
Check PR code / Lint (pull_request) Successful in 38s
Details
Check PR code / build (pull_request) Successful in 24s
Details

Browse Source 
Removed the username and password in the GET /update request.
The endpoint does not require authentication and it is unsafe to transmit login credentials over GET requests.
This commit is contained in:
davidoskky 2025-04-12 23:00:24 +02:00
parent e9e2b6415f
commit 4b9899c04e
1 changed files with 0 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
shared/src/commonMain/kotlin/bou/amine/apps/readerforselfossv2/rest/SelfossApi.kt
View File

@ -365,27 +365,6 @@ class SelfossApi(
suspend fun update(): StatusAndData<String> = suspend fun update(): StatusAndData<String> =
bodyOrFailure( bodyOrFailure(
client.tryToGet(url("/update")) { client.tryToGet(url("/update")) {
if (!shouldHavePostLogin()) {
parameter("username", appSettingsService.getUserName())
parameter("password", appSettingsService.getPassword())
}
if (appSettingsService
.getBasicUserName()
.isNotEmpty() &&
appSettingsService.getBasicPassword().isNotEmpty()
) {
headers {
append(
HttpHeaders.Authorization,
constructBasicAuthValue(
BasicAuthCredentials(
username = appSettingsService.getBasicUserName(),
password = appSettingsService.getBasicPassword(),
),
),
)
}
}
headers { headers {
append( append(
HttpHeaders.Accept, HttpHeaders.Accept,