From 02b06385eaa46d995739e9f4d237d9ecf1c60c98 Mon Sep 17 00:00:00 2001
From: Yuri Konotopov <ykonotopov@gnome.org>
Date: Mon, 29 Mar 2021 22:42:42 +0400
Subject: [PATCH] extensionDownloader: Use POST request for checking updates

Usage of GET requests for checking updates was made deprecated
at website some time ago [1], but REST endpoint was
CSRF-protected until recently [2].
The body of update request may be big enough and thus does not
suitable for GET requests.

[1] https://gitlab.gnome.org/Infrastructure/extensions-web/-/commit/0b38da1b2b440db1b4eb767cff74acf8f8de18e0
[2] https://gitlab.gnome.org/Infrastructure/extensions-web/-/commit/e3ab0c07dce4d58b33b30700ec1ea7aa2e3b4230

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1781>
---
 js/ui/extensionDownloader.js | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/js/ui/extensionDownloader.js b/js/ui/extensionDownloader.js
index a7b40f973..6a3b2b488 100644
--- a/js/ui/extensionDownloader.js
+++ b/js/ui/extensionDownloader.js
@@ -151,12 +151,19 @@ function checkForUpdates() {
         'disable-extension-version-validation');
     let params = {
         shell_version: Config.PACKAGE_VERSION,
-        installed: JSON.stringify(metadatas),
         disable_version_validation: versionCheck.toString(),
     };
 
-    let url = REPOSITORY_URL_UPDATE;
-    let message = Soup.form_request_new_from_hash('GET', url, params);
+    const uri = Soup.URI.new(REPOSITORY_URL_UPDATE);
+    uri.set_query_from_form(params);
+
+    const message = Soup.Message.new_from_uri('POST', uri);
+    message.set_request(
+        'application/json',
+        Soup.MemoryUse.COPY,
+        JSON.stringify(metadatas)
+    );
+
     _httpSession.queue_message(message, () => {
         if (message.status_code != Soup.KnownStatusCode.OK)
             return;