Closed karmanyaahm closed 2 years ago
The main reason was to easily prevent CSRF. Modern browsers do an OPTIONS before a PUT and abort if the CORS doesn't match.
Actually, the @CORS
decoration require a bearer header which does the same. But I did the PUT before doing the endpoint rules.
I'd say, PUT /device/ several times always create a new device id whether there is already one with the same name :)
Ok, that makes sense
Consider changing this to a POST? https://github.com/UP-NextPush/server-app/blob/73efb123232c4f82f2405a779dc5ed2504fce150/appinfo/routes.php#L10-L13
According to MDN:
Here, when calling PUT /device/ several times with the same
deviceName
, it creates a new device each time, which is more suitable for POST than PUT.Edit: the same would probably apply to createApp