[SECURITY-3093] Require POST to delete modules - fix CSRF
SECURITY-3093 reports that Ivy Plugin 2.5 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to delete disabled modules.
Testing done
Automated tests pass.
Needs interactive test to confirm.
### Submitter checklist
- [x] Make sure you are opening from a **topic/feature/bugfix branch** (right side) and not your main branch!
- [x] Ensure that the pull request title represents the desired changelog entry
- [x] Please describe what you did
- [x] Link to relevant issues in GitHub or Jira
- [x] Link to relevant pull requests, esp. upstream and downstream changes
- [x] Ensure you have provided tests - that demonstrates feature works or fixes the issue
[SECURITY-3093] Require POST to delete modules - fix CSRF
SECURITY-3093 reports that Ivy Plugin 2.5 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to delete disabled modules.
Testing done
Automated tests pass.
Needs interactive test to confirm.