From 64b8996483fca28970e60bf8b0c5f1cb2b1b4a76 Mon Sep 17 00:00:00 2001
From: Daniel Gerhardt <code@dgerhardt.net>
Date: Thu, 25 Jun 2015 13:47:26 +0200
Subject: [PATCH] Require POST method for '/checkframeoptionsheader'

This disables CORS for this path. It should not be usable by external
websites.
---
 src/main/java/de/thm/arsnova/controller/WelcomeController.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/de/thm/arsnova/controller/WelcomeController.java b/src/main/java/de/thm/arsnova/controller/WelcomeController.java
index dd2f324e..095d6205 100644
--- a/src/main/java/de/thm/arsnova/controller/WelcomeController.java
+++ b/src/main/java/de/thm/arsnova/controller/WelcomeController.java
@@ -63,7 +63,7 @@ public class WelcomeController extends AbstractController {
 		return new HashMap<String, Object>();
 	}
 
-	@RequestMapping(value = "/checkframeoptionsheader", method = RequestMethod.GET)
+	@RequestMapping(value = "/checkframeoptionsheader", method = RequestMethod.POST)
 	@ResponseStatus(HttpStatus.OK)
 	public void checkFrameOptionsHeader(
 			@RequestParam(required = true) final String url,
-- 
GitLab