From 78252ce7d079d54399ac5d9b2171f0490f2b9d2e Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Mon, 9 Dec 2013 08:17:52 +0100
Subject: [PATCH] spiceproxy: use POST instead of GET

using GET is a security risk (no CSRF checks)
---
 PVE/API2/Qemu.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 4712abb9..45607686 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -1348,9 +1348,9 @@ __PACKAGE__->register_method({
 __PACKAGE__->register_method({
     name => 'spiceproxy',
     path => '{vmid}/spiceproxy',
-    method => 'GET',
+    method => 'POST',
     protected => 1,
-    proxyto => 'node', # fixme: use direct connections or ssh tunnel?
+    proxyto => 'node',
     permissions => {
 	check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
     },
-- 
2.39.5