CLAassistant
commented
1 year ago
All committers have signed the CLA.
Open delasource opened 1 year ago
CLAassistant
commented
1 year ago
All committers have signed the CLA.
lugehorsam
commented
3 months ago Hey @delasource we cannot modify the existing rpcHttpKey from GET to POST because it would subtly break users' server runtime functions that are expecting query parameters.
Would introducing a new rpcHttpKeyPost function solve your issue?
fixes #162 and #133 (and also probably https://github.com/heroiclabs/nakama/issues/400 )
even though you could argue that you throw the payload part of a GET request away by intention, using POST for server-to-server calls is even a security bonus, as the possibility to sniff query params gets eliminated.
Also nowhere in the docs it is mentioned, that "input" is not a thing in these rpcHttpKey-calls. This PR fixes that and makes the "input" param actually behave the same way, that session-authorized rpc's do.