...
Version 1.7 and newer of JobScheduler brings restrictions to the JobScheduler Engine commands that can be carried out via HTTP GET, with only " read " access being allowed.
This means that all <show_... />
commands are allowed. Other commands such as <start_job …/>, <add_order …/>, <terminate …/>
etc. are prohibited.
We have made this change in order to be able to prohibit compatible with existing HTTP standards to prevent cross-site scripting (see https://www.owasp.org/index.php/CSRF).
We will be making make a plugin available for users of HHTP HTTP GET, to enable commands to be sent from their own applications to the JobScheduler engine. This will require a modified URL but will enable all commands to be executed via HTTP GET.
...
Information about use of the plugin can be found in our Trouble Ticket JS-1155.
See also
...