Remove login information from update request

Removed the username and password in the GET /update request. The endpoint does not require authentication and it is unsafe to transmit login credentials over GET requests.
Support SSE for source updates
2025-04-12 22:48:42 +02:00 · 2025-04-12 22:43:24 +02:00
1 changed files with 15 additions and 5 deletions
--- a/shared/src/commonMain/kotlin/bou/amine/apps/readerforselfossv2/rest/SelfossApi.kt
+++ b/shared/src/commonMain/kotlin/bou/amine/apps/readerforselfossv2/rest/SelfossApi.kt
@ -365,12 +365,22 @@ class SelfossApi(
    suspend fun update(): StatusAndData<String> =
        bodyOrFailure(
            client.tryToGet(url("/update")) {
                if (!shouldHavePostLogin()) {
                    parameter("username", appSettingsService.getUserName())
                    parameter("password", appSettingsService.getPassword())
                }
                if (appSettingsService
                        .getBasicUserName()
                        .isNotEmpty() &&
                    appSettingsService.getBasicPassword().isNotEmpty()
                ) {
                    headers {
                        append(
                            HttpHeaders.Accept,
                            "text/event-stream",
                        )
                    }
                }
            },
        )
Author	SHA1	Message	Date
davidoskky	269937ff09	Remove login information from update request All checks were successful Check PR code / translations (pull_request) Successful in 38s Details Check PR code / Lint (pull_request) Successful in 49s Details Check PR code / build (pull_request) Successful in 35s Details Removed the username and password in the GET /update request. The endpoint does not require authentication and it is unsafe to transmit login credentials over GET requests.	2025-04-12 22:48:42 +02:00
davidoskky	a7bc64d61e	Support SSE for source updates This uses the Server Side Events added in Selfoss API 6.1.0 when calling GET /update This change only supports the new response format but provides no change for the users. The older versions are still supported.	2025-04-12 22:43:24 +02:00