Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement optional POST-as-GET support #3871

Closed
6 tasks done
cpu opened this issue Sep 25, 2018 · 4 comments
Closed
6 tasks done

Implement optional POST-as-GET support #3871

cpu opened this issue Sep 25, 2018 · 4 comments
Assignees
@cpu
Labels
area/wfe kind/feature kind/spec-compliance layer/api
Milestone
Sprint 2018-10-16

Comments

@cpu
Copy link
Contributor

cpu commented Sep 25, 2018
edited

The draft ACME protocol has removed unauthenticated GET requests to order, authorization, and challenge resources. Because this is not a backwards compatible change we're intending to roll out support gradually before removing support for GETs to these resources entirely.

We need to:

  • Update wfe2/verify.go with support for verifying POST-as-GET requests
  • Add optional support for POST-as-GET to orders
  • Add optional support for POST-as-GET to authorizations
  • Add optional support for POST-as-GET to challenges
  • Add optional support for POST-as-GET to order certificate URLs
  • Add optional support for POST-as-GET to accounts

On November 1st, 2019 we will remove support for GET requests to orders, authorizations and challenges making POST-as-GET mandatory. When we do this we'll need to take care that you can't access any V2 resources via the V1 endpoint.

Client developers that want a head-start testing their clients against this change are encouraged to use Pebble, which has already implemented the change for -strict mode.
@jsha jsha added this to the Sprint 2018-09-25 milestone Sep 25, 2018
@jsha jsha assigned cpu Sep 25, 2018
@felixfontein
Copy link
Contributor

I think this list is missing POST-as-GET for account resources (similar to letsencrypt/pebble#171).

@cpu
Copy link
Contributor Author

cpu commented Oct 9, 2018

@felixfontein Right as usual! Thanks! I updated the issue description.

@rmbolger
Copy link

Do I assume correctly that the account change from {} to POST-as-GET will also be mandatory on the Nov. 1st, 2019 cutoff? But until then, it will support both?

@cpu
Copy link
Contributor Author

cpu commented Oct 11, 2018

@rmbolger Yes, I think that makes the most sense.

@cpu cpu mentioned this issue Oct 11, 2018
Merged
@lukas2511 lukas2511 mentioned this issue Oct 20, 2018
Closed
@cpu cpu closed this as completed in #3883 Oct 22, 2018
cpu added a commit that referenced this issue Oct 22, 2018
@cpu
ACME v2: Optional POST-as-GET support. (#3883)
1398377 
This allows POST-as-GET requests to Orders, Authorizations, Challenges, Certificates and Accounts. Legacy GET support remains for Orders, Authorizations, Challenges and Certificates. Legacy "POST {}" support for Accounts remains.

Resolves #3871
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cpu cpu

Labels
area/wfe kind/feature kind/spec-compliance layer/api
Projects
None yet
Milestone
Sprint 2018-10-16
Development

No branches or pull requests
4 participants
@jsha @cpu @rmbolger @felixfontein