v18 LibreELEC Testbuilds for RaspberryPi (Kodi 18.0)
(2017-06-08, 01:43)Milhouse Wrote:
(2017-06-08, 01:30)kkoa Wrote: Added: [pkg] PR:12265: [webserver] dont allow jsonrpc over http get

I think this change is not good as I sometimes use JSON RPC via the web browser for non read-only methods which then won't work anymore.

The problem is that using GET requests to modify data is a security risk as any website open in your browser could silently execute a GET request against a local Kodi web server (assuming it knows the IP address and port). The original discussion started here (see "Security concerns" section). If you have concerns you'd best post a comment in the PR while it's still open.

Yeah, I read the PR. Doubt they would change it just for me even though I have never heard of anybody hijacking Kodi. For extended security one could just set a password for the web interface.

Wouldn't it still be possible to make a form targeting a frame to hijack Kodi with a POST request then?
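
Added example, not part of the thread and not Kodi's code or the change in PR 12265: a sketch of the checks a JSON-RPC HTTP endpoint can apply so that neither a cross-site GET nor an HTML form POST reaches the handler. The function name, the `allowed_origins` parameter and the sample addresses in the comments are assumptions made for the illustration.

```python
from urllib.parse import urlsplit


def check_jsonrpc_request(method, headers, allowed_origins=frozenset()):
    """Return (accepted, reason) for an HTTP request to a JSON-RPC endpoint.

    headers: dict of header name -> value (names are case-insensitive).
    allowed_origins: extra origins (scheme://host[:port]) trusted to call
    the API; hypothetical parameter, empty by default.
    """
    h = {k.lower(): v for k, v in headers.items()}

    # 1. Any page can make the browser issue a GET (image, script, link),
    #    so state-changing RPC must not be reachable that way.
    if method.upper() != "POST":
        return False, "method not allowed"

    # 2. An HTML form can only send application/x-www-form-urlencoded,
    #    multipart/form-data or text/plain. Requiring a JSON media type
    #    means a form aimed at a frame is refused, and a scripted
    #    cross-origin request with this type needs a CORS preflight first.
    ctype = h.get("content-type", "").split(";", 1)[0].strip().lower()
    if ctype != "application/json":
        return False, "content-type must be application/json"

    # 3. Modern browsers attach Origin to cross-site POSTs. Accept it only
    #    when it matches the Host the request was sent to, or is listed.
    #    Assumption: requests without Origin come from non-browser clients.
    origin = h.get("origin")
    if origin is not None:
        parts = urlsplit(origin)
        same_origin = (
            parts.scheme in ("http", "https")
            and parts.netloc.lower() == h.get("host", "").lower()
        )
        if not same_origin and origin not in allowed_origins:
            return False, "cross-origin request rejected"

    return True, "ok"
```

These checks do not replace the password on the web interface mentioned above; they only decide which requests are allowed to reach the RPC handler at all.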

