I'm creating a simple little (REST) API and now I would like to secure a part of this API with htpasswd (using the OAuth library is too much hassle for the simple thing I'm trying to make). Is it possible to only use the .htpasswd file for incoming POST requests and not for GET requests?

Or is this insecure to begin with (e.g. can POST requests be disguised as GET requests)?

Thanks!


Solution

After searching for a while I found the answer somewhere myself. I noticed somewhere that the require valid-user part in the .htaccess file was surrounded by <Limit GET></Limit> and tried changing that to POST. And it worked!

<Limit POST>
require valid-user
</Limit>
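
An added example, not part of the original answer: the `<Limit POST>` form next to a stricter `<LimitExcept GET>` form. `<Limit POST>` leaves every method it does not name unauthenticated, which is why Apache's documentation recommends `<LimitExcept>` when restricting access. The realm name and the `AuthUserFile` path are placeholders.

```apache
# Added example; the realm name and the AuthUserFile path are placeholders.
AuthType Basic
AuthName "API"
AuthUserFile /path/to/.htpasswd

# Weak form (as in the answer above): only POST requires a login.
# PUT, DELETE, PATCH and any other method pass without credentials.
# <Limit POST>
#     Require valid-user
# </Limit>

# Stricter form: every method except GET requires a login.
# Apache treats HEAD as GET here, so HEAD stays open as well.
<LimitExcept GET>
    Require valid-user
</LimitExcept>
```

Basic authentication sends the password with every request in an easily decoded form, so the API should be served over HTTPS.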
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow