Implement optional POST-as-GET support #3871
Closed
Comments
I think this list is missing POST-as-GET for account resources (similar to letsencrypt/pebble#171). |
@felixfontein Right as usual! Thanks! I updated the issue description. |
Do I assume correctly that the account change from |
@rmbolger Yes, I think that makes the most sense. |
cpu
added a commit
that referenced
this issue
Oct 22, 2018
This allows POST-as-GET requests to Orders, Authorizations, Challenges, Certificates and Accounts. Legacy GET support remains for Orders, Authorizations, Challenges and Certificates. Legacy "POST {}" support for Accounts remains. Resolves #3871
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The draft ACME protocol has removed unauthenticated GET requests to order, authorization, and challenge resources. Because this is not a backwards compatible change we're intending to roll out support gradually before removing support for GETs to these resources entirely.
We need to:
wfe2/verify.go
with support for verifying POST-as-GET requestsOn November 1st, 2019 we will remove support for GET requests to orders, authorizations and challenges making POST-as-GET mandatory. When we do this we'll need to take care that you can't access any V2 resources via the V1 endpoint.
Client developers that want a head-start testing their clients against this change are encouraged to use Pebble, which has already implemented the change for
-strict
mode.The text was updated successfully, but these errors were encountered: