API: Prevented non-GET requests when using cookie-based auth

Added test to cover.
2026-05-04 18:08:46 +03:00 · 2026-01-29 03:37:16 +00:00
parent ff59bbdc07
commit 6a63b38bb3
3 changed files with 31 additions and 3 deletions
--- a/lang/en/errors.php
+++ b/lang/en/errors.php
@@ -125,6 +125,7 @@ return [
    'api_incorrect_token_secret' => 'The secret provided for the given used API token is incorrect',
    'api_user_no_api_permission' => 'The owner of the used API token does not have permission to make API calls',
    'api_user_token_expired' => 'The authorization token used has expired',
+    'api_cookie_auth_only_get' => 'Only GET requests are allowed when using the API with cookie-based authentication',

    // Settings & Maintenance
    'maintenance_test_email_failure' => 'Error thrown when sending a test email:',