The tests do not cover POST requests. The fix does so there is no vulnerability with a POST but I think it would be worth adding a test to prevent a regression of the kind illustrated in the attached diff (diff wrt patch from #15). I can propose that to master after this fix is released.
I'm +2 for the patch in #15
The tests do not cover POST requests. The fix does so there is no vulnerability with a POST but I think it would be worth adding a test to prevent a regression of the kind illustrated in the attached diff (diff wrt patch from #15). I can propose that to master after this fix is released.