Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reject DELETE requests with a body #8217

Closed
clintongormley opened this issue Oct 24, 2014 · 0 comments
Closed

Reject DELETE requests with a body #8217

clintongormley opened this issue Oct 24, 2014 · 0 comments
Assignees
@jasontedor
Labels
:Core/Infra/REST API REST infrastructure and utilities >enhancement

Comments

@clintongormley
Copy link

To add some level of protection to DELETE requests, reject requests that come with a body, when no body is expected (this excludes delete-by-query and delete-scroll)

See #5960
@clintongormley clintongormley added the help wanted adoptme label Oct 24, 2014
@clintongormley clintongormley mentioned this issue Oct 24, 2014
Closed
@clintongormley clintongormley added >enhancement good first issue low hanging fruit :Core/Infra/REST API REST infrastructure and utilities labels Nov 21, 2015
bvolpato added a commit to bvolpato/elasticsearch that referenced this issue Nov 10, 2016
@bvolpato
Reject DELETE requests with a body
98d6572 
FIxes elastic#8217
@bvolpato bvolpato mentioned this issue Nov 10, 2016
Closed
@javanna javanna mentioned this issue Nov 11, 2016
Closed
javanna added a commit to javanna/elasticsearch that referenced this issue Nov 23, 2016
@javanna
Add POST /_search/clear_scroll endpoint and deprecate delete scroll e…
50403ed 
…ndpoint

The clear scroll api currently allows to provide a scroll by specifying it either as part of the url (it is effectively the resource that gets deleted) or within the request body. The current api uses the DELETE method though, and we have decided to remove support for providing the request body with any DELETE endpoint in the future. In order to get to this for the next major version, we introduce the  new endpoint `POST /_search/clear_scroll` which replaces the current clear_scroll api and uses POST instead of DELETE. It allows to provide the `scroll_id` as a url parameter, which is though deprecated (will output a deprecation warning when used) in favour of providing it as part of the request body.

 The `DELETE /_search/scroll/` is deprecated, hence it will output a deprecation warning whenever used. The DELETE endpoints will be removed in 6.0, as well as the support for providing the scroll_id as a url parameter against the POST endpoint.

Relates to elastic#8217
Relates to elastic#21453
@javanna javanna self-assigned this Mar 17, 2017
@javanna javanna removed the help wanted adoptme label Mar 17, 2017
@nik9000 nik9000 removed the good first issue low hanging fruit label Mar 12, 2018
This was referenced Jan 15, 2019
Closed
Merged
@jasontedor jasontedor assigned jasontedor and unassigned javanna Jan 15, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jasontedor jasontedor

Labels
:Core/Infra/REST API REST infrastructure and utilities >enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@clintongormley @nik9000 @javanna @jasontedor