diff options
| author | Arthur Paulino <arthurleonardo.ap@gmail.com> | 2021-09-07 11:48:31 -0300 |
|---|---|---|
| committer | Arthur Paulino <arthurleonardo.ap@gmail.com> | 2021-09-07 11:48:31 -0300 |
| commit | 75530c5977dd177b073c97a5d1233950e2f4e8c7 (patch) | |
| tree | 63f571b9ca8a1eee90fb41ba50d2a8f60a0d850f /doc/classes | |
| parent | c3591a9b04f3cc62d5ea4fe13228979b0200cce3 (diff) | |
security tip when sending sensitive data on HTTP requests
Diffstat (limited to 'doc/classes')
| -rw-r--r-- | doc/classes/HTTPRequest.xml | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/doc/classes/HTTPRequest.xml b/doc/classes/HTTPRequest.xml index 4fafa0a0a1..00927b98c5 100644 --- a/doc/classes/HTTPRequest.xml +++ b/doc/classes/HTTPRequest.xml @@ -192,7 +192,8 @@ <description> Creates request on the underlying [HTTPClient]. If there is no configuration errors, it tries to connect using [method HTTPClient.connect_to_host] and passes parameters onto [method HTTPClient.request]. Returns [constant OK] if request is successfully created. (Does not imply that the server has responded), [constant ERR_UNCONFIGURED] if not in the tree, [constant ERR_BUSY] if still processing previous request, [constant ERR_INVALID_PARAMETER] if given string is not a valid URL format, or [constant ERR_CANT_CONNECT] if not using thread and the [HTTPClient] cannot connect to host. - [b]Note:[/b] When [code]method[/code] is [constant HTTPClient.METHOD_GET], the payload sent via [code]request_data[/code] might be ignored by the server or even cause the server to reject the request (check [url=https://datatracker.ietf.org/doc/html/rfc7231#section-4.3.1]RFC 7231 section 4.3.1[/url] for more details). As a workaround, you can send data as a query string in the URL. See [method String.uri_encode] for an example. + [b]Note:[/b] When [code]method[/code] is [constant HTTPClient.METHOD_GET], the payload sent via [code]request_data[/code] might be ignored by the server or even cause the server to reject the request (check [url=https://datatracker.ietf.org/doc/html/rfc7231#section-4.3.1]RFC 7231 section 4.3.1[/url] for more details). As a workaround, you can send data as a query string in the URL (see [method String.uri_encode] for an example). + [b]Note:[/b] It's recommended to use transport encryption (SSL/TLS) and to avoid sending sensitive information (such as login credentials) in HTTP GET URL parameters. Consider using HTTP POST requests or HTTP headers for such information instead. </description> </method> <method name="request_raw"> |