starred/WiFiManager
1
0
Fork 0
mirror of https://github.com/tzapu/WiFiManager.git synced 2026-04-27 09:05:56 +03:00
Code Issues 656 Projects Releases 8 Packages Wiki Activity

[GH-ISSUE #409] Convert all form processing to POST #344

New issue
Open
opened 2026-02-28 01:24:52 +03:00 by kerem · 6 comments
kerem commented 2026-02-28 01:24:52 +03:00
Owner
Copy link

Originally created by @tablatronix on GitHub (Aug 30, 2017).
Original GitHub issue: https://github.com/tzapu/WiFiManager/issues/409

Get is not a secure method of submitting forms on an open ap specifically.

  • convert all to post

leave url forms as get? but what if inputs get added later etc, not sure how to handle, all post for now.

support GET optionally ( for script based url programming )
the library seems to not care, however we can deny by checking
server->method() == HTTP_GET

Originally created by @tablatronix on GitHub (Aug 30, 2017). Original GitHub issue: https://github.com/tzapu/WiFiManager/issues/409 Get is not a secure method of submitting forms on an open ap specifically. - [x] convert all to post ❓ leave url forms as get? but what if inputs get added later etc, not sure how to handle, all post for now. support GET optionally ( for script based url programming ) the library seems to not care, however we can deny by checking `server->method() == HTTP_GET`
kerem commented 2026-02-28 01:24:52 +03:00
Author
Owner
Copy link

@tzapu commented on GitHub (Aug 30, 2017):

why not form submissions POST and whatever's not a form submision GET?
if you are using a browser and not the captive portal using the back button becomes a pain in the ass if you navigate between POSTs

<!-- gh-comment-id:326023954 --> @tzapu commented on GitHub (Aug 30, 2017): why not form submissions POST and whatever's not a form submision GET? if you are using a browser and not the captive portal using the back button becomes a pain in the ass if you navigate between POSTs
kerem commented 2026-02-28 01:24:52 +03:00
Author
Owner
Copy link

@tzapu commented on GitHub (Aug 30, 2017):

the change shouldn't be big either, i guess just changing the form to POST and making sure it gets the params from the POST rather than string, not sure if that part is not transparent anyway

<!-- gh-comment-id:326024273 --> @tzapu commented on GitHub (Aug 30, 2017): the change shouldn't be big either, i guess just changing the form to POST and making sure it gets the params from the POST rather than string, not sure if that part is not transparent anyway
kerem commented 2026-02-28 01:24:52 +03:00
Author
Owner
Copy link

@tzapu commented on GitHub (Aug 30, 2017):

like you ve actually done in your last commit :P
i'll but out, you are a machine :D

<!-- gh-comment-id:326024835 --> @tzapu commented on GitHub (Aug 30, 2017): like you ve actually done in your last commit :P i'll but out, you are a machine :D
kerem commented 2026-02-28 01:24:52 +03:00
Author
Owner
Copy link

@tablatronix commented on GitHub (Aug 30, 2017):

I tested and changed all to post, I think it better than to have to decide which page will have a form on it etc. we can adjust as needed, if it is a problem with browser history.

<!-- gh-comment-id:326026335 --> @tablatronix commented on GitHub (Aug 30, 2017): I tested and changed all to post, I think it better than to have to decide which page will have a form on it etc. we can adjust as needed, if it is a problem with browser history.
kerem commented 2026-02-28 01:24:52 +03:00
Author
Owner
Copy link

@tablatronix commented on GitHub (Aug 30, 2017):

  • test all devices with POST on all forms provide feedback on browser back and refresh capability.

So far browser history works as expected

<!-- gh-comment-id:326027128 --> @tablatronix commented on GitHub (Aug 30, 2017): - [ ] test all devices with POST on all forms provide feedback on browser back and refresh capability. So far browser history works as expected
kerem commented 2026-02-28 01:24:52 +03:00
Author
Owner
Copy link

@tablatronix commented on GitHub (Aug 30, 2017):

why not replace form buttons with actual proper links ?

hmm I am now wondering if semantically these should be styled links with hrefs, and only actual forms be forms with inputs... #410

<!-- gh-comment-id:326029287 --> @tablatronix commented on GitHub (Aug 30, 2017): why not replace form buttons with actual proper links ? hmm I am now wondering if semantically these should be styled links with hrefs, and only actual forms be forms with inputs... #410
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
revert-1849-master
feature_fastconnect
feature_auth
feature_slimable
PEAP
feature_statichtmlparams
feature_asyncwebserver
feature_pagestringsref
parameter-smart-ptr
gh-pages
Legacy_v1
hotfixes
autochannelselect_feature
travis
smartconfig
v2.0.17
v2.0.16-rc.2
v2.0.15-rc.1
v2.0.0-rc.1
v2.0.14-beta
v2.0.13-beta
v2.0.12-beta
v2.0.11-beta
v2.0.10-beta
v2.0.9-beta
v2.0.8-beta
2.0.7-beta
2.0.6-beta
2.0.5-beta
2.0.4-beta
0.16.0
2.0.3-alpha
0.15.0
0.14
0.13
0.12
0.11
0.10
0.9
0.8
0.7
0.6
0.5
v0.4
v0.3
v0.2
v0.1
Labels
Clear labels   
📶 WiFi

   
🕸️ HTTP

   
Branch

   
DEV Help Wanted

   
Discussion

   
Documentation

   
ESP32

   
Example

   
Good First Issue

   
Hotfix

   
In Progress

   
Incomplete

   
Needs Feeback

   
Priority

   
QA

   
Question

   
Task

   
Upstream/Dependancy

   
bug

   
duplicate

   
enhancement

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
wontfix
No labels
📶 WiFi
🕸️ HTTP
Branch
DEV Help Wanted
Discussion
Documentation
ESP32
Example
Good First Issue
Hotfix
In Progress
Incomplete
Needs Feeback
Priority
QA
Question
Task
Upstream/Dependancy
bug
duplicate
enhancement
invalid
pull-request
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/WiFiManager#344
No description provided.