From 6d4c26617fbae3ceeb604622d59ca039a8fa0322 Mon Sep 17 00:00:00 2001
From: Andrew Azores <aazores@redhat.com>
Date: Mon, 31 Jul 2023 15:07:33 -0400
Subject: [PATCH] only allow GET requests if write-operations are not enabled

---
 src/main/java/io/cryostat/agent/remote/RecordingsContext.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/io/cryostat/agent/remote/RecordingsContext.java b/src/main/java/io/cryostat/agent/remote/RecordingsContext.java
index cb1cbe3d..b855302f 100644
--- a/src/main/java/io/cryostat/agent/remote/RecordingsContext.java
+++ b/src/main/java/io/cryostat/agent/remote/RecordingsContext.java
@@ -220,9 +220,9 @@ private void sendHeader(HttpExchange exchange, int status) {
     }
 
     private boolean ensureMethodAccepted(HttpExchange exchange) throws IOException {
-        Set<String> blocked = Set.of("POST");
+        Set<String> alwaysAllowed = Set.of("GET");
         String mtd = exchange.getRequestMethod();
-        boolean restricted = blocked.contains(mtd);
+        boolean restricted = !alwaysAllowed.contains(mtd);
         if (!restricted) {
             return true;
         }