diff --git a/release-notes/breaking-changes/elastic-apm.md b/release-notes/breaking-changes/elastic-apm.md index ffb5c9bc88..5fd06672ad 100644 --- a/release-notes/breaking-changes/elastic-apm.md +++ b/release-notes/breaking-changes/elastic-apm.md @@ -17,12 +17,19 @@ To learn how to upgrade, check out . % **Action**
Steps for mitigating deprecation impact. % :::: -% ## 9.0.0 [elastic-apm-900-breaking-changes] -% **Release date:** March 25, 2025 +## 9.0.0 [elastic-apm-9-0-0-breaking-changes] +**Release date:** March 25, 2025 % ::::{dropdown} Title of breaking change % Description of the breaking change. % For more information, check [PR #](PR link). % **Impact**
Impact of the breaking change. % **Action**
Steps for mitigating deprecation impact. -% :::: \ No newline at end of file +% :::: + +::::{dropdown} Change server information endpoint "/" to only accept GET and HEAD requests +This will surface any agent misconfiguration causing data to be sent to `/` instead of the correct endpoint (for example, `/v1/traces` for OTLP/HTTP). +For more information, check [PR #15976](https://github.com/elastic/apm-server/pull/15976). +**Impact**
Any methods other than `GET` and `HEAD` to `/` will return HTTP 405 Method Not Allowed. +**Action**
Update any existing usage, for example, update `POST /` to `GET /`. +:::: diff --git a/solutions/observability/apps/apm-server-information-api.md b/solutions/observability/apps/apm-server-information-api.md index 8e496fa15d..8987bdb800 100644 --- a/solutions/observability/apps/apm-server-information-api.md +++ b/solutions/observability/apps/apm-server-information-api.md @@ -16,11 +16,11 @@ This is the server information endpoint: http(s)://{hostname}:{port}/ ``` -Sending an `HTTP GET` or `HTTP POST` request to the server information endpoint will return an HTTP 200, indicating that the server is up. +Sending an `HTTP GET` request to the server information endpoint will return an HTTP 200, indicating that the server is up. To configure authenticated access to the APM server, the instructions at [APM API key](api-keys.md) or [APM Secret Token](secret-token.md), must be followed to configure the correct permissions for APM access. -If an [API keys](api-keys.md) or a [Secret token](secret-token.md) is passed along with the `HTTP GET` or `HTTP POST` request, in addition to an HTTP 200, the response payload will include some information about the APM server. +If an [API keys](api-keys.md) or a [Secret token](secret-token.md) is passed along with the `HTTP GET` request, in addition to an HTTP 200, the response payload will include some information about the APM server. ### Example: GET, without credentials [apm-api-info-example-get-without-credentials] @@ -48,12 +48,12 @@ curl --verbose -X GET http://127.0.0.1:8200 ``` -### Example: POST, with secret token [apm-api-info-example-post-with-secret-token] +### Example: GET, with secret token [apm-api-info-example-get-with-secret-token] -Example APM Server information request with POST, with a [Secret token](secret-token.md): +Example APM Server information request with GET, with a [Secret token](secret-token.md): ```sh -curl -X POST http://127.0.0.1:8200/ \ +curl -X GET http://127.0.0.1:8200/ \ -H "Authorization: Bearer secret_token" {