Why does JobScheduler not execute all commands via HTTP GET?

Versions 1.7 and newer of JobScheduler restrict the JobScheduler Engine commands that can be carried out via HTTP GET: only "read" access is allowed.

This means that all <show_... /> commands are allowed. Other commands such as <start_job …/>, <add_order …/>, <terminate …/> etc. are prohibited.

We have made this change in order to prevent cross-site request forgery (CSRF, see https://www.owasp.org/index.php/CSRF).
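The rule described above, written as a request gate (an added example, not JobScheduler's own code): a GET request is accepted only when every command it carries is a `<show_... />` command. The `<commands>` wrapper element, the function names, the handling of POST and other methods, and the sample job path are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

READ_PREFIX = "show_"  # the page states that all <show_... /> commands are "read" access


def command_names(xml_text):
    """Return the element name of every command in the request.

    Assumption: several commands may be wrapped in one container element
    (called <commands> here); a bare command is its own root element.
    """
    if "<!DOCTYPE" in xml_text:
        # No command needs a DTD; refusing it avoids entity-expansion tricks.
        raise ValueError("DOCTYPE not accepted")
    root = ET.fromstring(xml_text)
    if root.tag == "commands":
        return [child.tag for child in root]
    return [root.tag]


def is_allowed(method, xml_text):
    """Decide whether the command(s) may run for the given HTTP method."""
    try:
        names = command_names(xml_text)
    except (ET.ParseError, ValueError):
        return False  # fail closed on anything that does not parse cleanly
    if not names:
        return False
    method = method.upper()
    if method == "GET":
        # A GET can be triggered by a link or image tag on another site,
        # so it must never change state: every command has to be a read.
        return all(name.startswith(READ_PREFIX) for name in names)
    # Assumption: state-changing commands are sent with POST; other methods are refused.
    return method == "POST"


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        ("GET", "<show_state/>"),
        ("GET", '<start_job job="/demo/job1"/>'),
        ("GET", "<commands><show_state/><terminate/></commands>"),
        ("POST", '<start_job job="/demo/job1"/>'),
    ]
    for method, body in samples:
        print(method, body, "->", "allow" if is_allowed(method, body) else "deny")
```

Checking every command in a wrapped request matters: a single state-changing command hidden behind a leading `<show_... />` would otherwise pass the GET check.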

We will be making a plugin available for users of HTTP GET, to enable commands to be sent from their own applications to the JobScheduler engine. This will require a modified URL but will enable all commands to be executed via HTTP GET.

Details about the changes to the use of HTTP GET can be found in our Trouble Ticket JS-1154.

Information about use of the plugin can be found in our Trouble Ticket JS-1155.
