From a61a8e10b9c888f1544580dc8458b9b1cee37f32 Mon Sep 17 00:00:00 2001
From: Dany Marcoux
Date: Wed, 17 Aug 2022 15:13:11 +0200
Subject: [PATCH] Use HTTP GET for /search/request/id API endpoint

This API endpoint is currently accepting the GET and POST methods, but the POST method will be deprecated soon. After looking at the logs from build.opensuse.org, I noticed that the `licensedigger` user is heavily relying on this endpoint with the POST method. Using the GET method is also fine as noted by the W3C[1] in "URIs, Addressability, and the use of HTTP GET and POST", under the section "5.2 Ephemeral Limitations":
> **URIs cannot be longer than 256 characters**
> This was a limitation in some server implementations, and while servers continue to have limitations to prevent denial-of-service attacks, they are generally at least 4000 characters, and they evolve as the legitimate uses of application developers evolve.
According to the logs, all calls to the /search/request/id API endpoint coming from this code, with the query string included, are well under 4000 characters long.
[1]: https://www.w3.org/2001/tag/doc/whenToUseGet-20030922#ephemeral
---
 legal-auto.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/legal-auto.py b/legal-auto.py
index 5cbf54f5..21c35c27 100755
--- a/legal-auto.py
+++ b/legal-auto.py
@@ -187,8 +187,7 @@ class LegalAuto(ReviewBot.ReviewBot):
 match += ' and (' + ' or '.join(sorted(batch)) + ')'
 url = osc.core.makeurl(
 self.apiurl, ['search', 'request', 'id'], {'match': match})
- # prefer POST because of the length
- root = ET.parse(osc.core.http_POST(url)).getroot()
+ root = ET.parse(osc.core.http_GET(url)).getroot()
 for request in root.findall('request'):
 self.delete_from_db(request.get('id'))
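Review bot: Nothing in the visible lines bounds the length of `url` now that the query travels in the request line via `http_GET`: `match` grows with every entry in `batch`, and the batch size is set outside this hunk, so the "under 4000 characters" figure in the commit message is an observation from logs rather than something the code enforces. The removed comment was the only record of why the length mattered here; I would replace it rather than drop it, for example `# GET: batch size must keep this URL under the server's request-line limit`. If a larger batch ever reaches this call, the server would presumably reject the request, and no handling for a failure of `http_GET` is visible in these lines, so the `delete_from_db` loop would not run for that batch. The enclosing method starts and ends outside the hunk, so a size cap or error handling may already exist there.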