From 945420baaf1e06f1e6509013fc744c5aa67c89a3 Mon Sep 17 00:00:00 2001
From: Christoph Wurst <christoph@winzerhof-wurst.at>
Date: Mon, 24 Apr 2017 11:02:07 +0200
Subject: [PATCH] Use HTTP POST to retrieve the list of contacts

We do not want to have sensitive information in the URL and
therefore also not in the access log. Thus the GET request is
replaced by a POST request.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
---
 core/js/contactsmenu.js | 2 +-
 core/routes.php         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/js/contactsmenu.js b/core/js/contactsmenu.js
index cad98c5d02..93d5c43719 100644
--- a/core/js/contactsmenu.js
+++ b/core/js/contactsmenu.js
@@ -476,7 +476,7 @@
 		_getContacts: function(searchTerm) {
 			var url = OC.generateUrl('/contactsmenu/contacts');
 			return Promise.resolve($.ajax(url, {
-				method: 'GET',
+				method: 'POST',
 				data: {
 					filter: searchTerm
 				}
diff --git a/core/routes.php b/core/routes.php
index 0e882c625f..02556c3a50 100644
--- a/core/routes.php
+++ b/core/routes.php
@@ -57,7 +57,7 @@ $application->registerRoutes($this, [
 		['name' => 'Preview#getPreview', 'url' => '/core/preview.png', 'verb' => 'GET'],
 		['name' => 'Css#getCss', 'url' => '/css/{appName}/{fileName}', 'verb' => 'GET'],
 		['name' => 'Js#getJs', 'url' => '/js/{appName}/{fileName}', 'verb' => 'GET'],
-		['name' => 'contactsMenu#index', 'url' => '/contactsmenu/contacts', 'verb' => 'GET'],
+		['name' => 'contactsMenu#index', 'url' => '/contactsmenu/contacts', 'verb' => 'POST'],
 	],
 	'ocs' => [
 		['root' => '/cloud', 'name' => 'OCS#getCapabilities', 'url' => '/capabilities', 'verb' => 'GET'],