NCC Group found that we were passing the user's password as plaintext to the endpoint that listed all profiles for the given phone number.
This PR changes the list endpoint of the PhoneAccountProfileViewset to wrap with the @action decorator that expects a POST and updates the code to use POST data rather than the query string.
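A password carried in the query string is written to web server access logs along with the rest of the request line, while POST data is not. The following added example (not code from this PR or the project) audits access log lines for secrets in query strings and redacts them; the endpoint path, parameter names and log format are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Parameter names treated as secrets (assumed list; extend for your API).
SENSITIVE = {"password", "passwd", "pin", "token"}

# Request part of a common/combined-format access log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def audit_line(line):
    """Return (method, path, leaked_param_names, redacted_line), or None if unparseable."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    leaked = sorted({k for k, _ in pairs if k.lower() in SENSITIVE})
    # Rebuild the query string with secret values masked, other values kept.
    redacted_qs = urlencode(
        [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    )
    target = urlunsplit(("", "", parts.path, redacted_qs, ""))
    redacted = line[:m.start("target")] + target + line[m.end("target"):]
    return m.group("method"), parts.path, leaked, redacted

def audit(lines):
    """Return findings only for requests that carried a secret in the query string."""
    findings = []
    for line in lines:
        result = audit_line(line)
        if result and result[2]:
            findings.append(result)
    return findings

# Constructed sample log lines; the path and parameter names are hypothetical.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /api/phone-account-profiles/'
    '?phone_number=%2B15550100&password=hunter2 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:05:00 +0000] "POST /api/phone-account-profiles/list/ '
    'HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for method, path, leaked, redacted in audit(SAMPLE_LOG):
        print(method, path, leaked)
        print(redacted)
```

Run against logs written before the change, this shows which stored lines hold passwords and need scrubbing; requests made after the move to POST produce no findings because the password no longer appears in the request line.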