only allow GET requests if write-operations are not enabled

cryostatio · Aug 4, 2023 · 6d4c266 · 6d4c266
1 parent 46ffac3
commit 6d4c266
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/main/java/io/cryostat/agent/remote/RecordingsContext.java b/src/main/java/io/cryostat/agent/remote/RecordingsContext.java
@@ -220,9 +220,9 @@ private void sendHeader(HttpExchange exchange, int status) {
     }
 
     private boolean ensureMethodAccepted(HttpExchange exchange) throws IOException {
-        Set<String> blocked = Set.of("POST");
+        Set<String> alwaysAllowed = Set.of("GET");
         String mtd = exchange.getRequestMethod();
-        boolean restricted = blocked.contains(mtd);
+        boolean restricted = !alwaysAllowed.contains(mtd);
         if (!restricted) {
             return true;
         }