LPD-15347 ensure request is a post

david-truong · brianchandotcom · commit dd89fff675f0 · 2024-02-15T07:47:52.000+01:00
diff --git a/modules/apps/change-tracking/change-tracking-web/src/main/java/com/liferay/change/tracking/web/internal/portlet/action/UpdateCTCommentMVCResourceCommand.java b/modules/apps/change-tracking/change-tracking-web/src/main/java/com/liferay/change/tracking/web/internal/portlet/action/UpdateCTCommentMVCResourceCommand.java
@@ -14,8 +14,10 @@
 import com.liferay.portal.kernel.portlet.JSONPortletResponseUtil;
 import com.liferay.portal.kernel.portlet.bridges.mvc.MVCResourceCommand;
 import com.liferay.portal.kernel.security.permission.ActionKeys;
+import com.liferay.portal.kernel.servlet.HttpMethods;
 import com.liferay.portal.kernel.theme.ThemeDisplay;
 import com.liferay.portal.kernel.util.ParamUtil;
+import com.liferay.portal.kernel.util.StringUtil;
 import com.liferay.portal.kernel.util.WebKeys;
 
 import javax.portlet.ResourceRequest;
@@ -42,6 +44,10 @@ protected void doServeResource(
 			ResourceRequest resourceRequest, ResourceResponse resourceResponse)
 		throws Exception {
 
+		if (!StringUtil.equals(resourceRequest.getMethod(), HttpMethods.POST)) {
+			return;
+		}
+
 		ThemeDisplay themeDisplay = (ThemeDisplay)resourceRequest.getAttribute(
 			WebKeys.THEME_DISPLAY);
 
diff --git a/modules/apps/change-tracking/change-tracking-web/src/main/resources/META-INF/resources/publications/js/components/ChangeTrackingComments.js b/modules/apps/change-tracking/change-tracking-web/src/main/resources/META-INF/resources/publications/js/components/ChangeTrackingComments.js
@@ -99,7 +99,9 @@ export default function ChangeTrackingComments({
 			ctEntryId,
 		});
 
-		fetch(portletURL)
+		fetch(portletURL, {
+			method: 'post',
+		})
 			.then((response) => response.json())
 			.then((json) => {
 				if (!json.comments) {
@@ -135,7 +137,9 @@ export default function ChangeTrackingComments({
 			ctEntryId,
 		});
 
-		fetch(portletURL)
+		fetch(portletURL, {
+			method: 'post',
+		})
 			.then((response) => response.json())
 			.then((json) => {
 				if (!json.comments) {
@@ -169,7 +173,9 @@ export default function ChangeTrackingComments({
 			value: inputValue,
 		});
 
-		fetch(portletURL.toString())
+		fetch(portletURL.toString(), {
+			method: 'post',
+		})
 			.then((response) => response.json())
 			.then((json) => {
 				setDeleting(0);
@@ -211,7 +217,9 @@ export default function ChangeTrackingComments({
 			value: newValue,
 		});
 
-		fetch(portletURL)
+		fetch(portletURL, {
+			method: 'post',
+		})
 			.then((response) => response.json())
 			.then((json) => {
 				setDeleting(0);
