mirror of
https://github.com/lightningnetwork/lnd.git
synced 2025-12-07 11:22:37 +01:00
1dc2a394e6
It turns out that when a REST call to an endpoint (in this specific example /v1/payments, which for GET returns all payments but for DELETE removes all payments) is made with POST instead of the correct registered method, the grpc-gateway tried to find a fallback method. That resulted in randomly choosing between any of the calls with the same URI pattern. This is of course catasrophic if the user attempts to query the list of payments (but using POST instead of GET by accident) and then ending up calling the DELETE endpoint instead.
30 KiB
30 KiB