Generally this pull-request is about wrapping the 'vulnerable' methods (watchIssue and voteIssue) with the @Consumes annotation, thus forcing the clients to specify the Content-Type explicitly ("application/json"), which should prevent naive XSRF attempts.
Similarly, I'm wrapping the 'url-proxy' resource with the same annotation (because the url-proxy will from now on execute requests with Content-Type set to application/json too). That change is also for preventing naive XSRF attempts using that ('url-proxy') endpoint.
Check https://jira.atlassian.com/browse/JRA-34744 for details.
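
The Content-Type gate this pull request describes, modelled as an added Python example (not code from the pull request or from JIRA): it shows that the three encodings a plain HTML form can submit are all rejected while application/json is accepted. The function names, the 415 status for every rejection and the rejection of a missing header are assumptions of the model.

```python
# Added example: models a resource that consumes only application/json.
# All names here are hypothetical; none come from the JIRA code base.

# The only encodings an HTML <form> can submit (its enctype values).
FORM_ENCTYPES = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}
REQUIRED_TYPE = "application/json"


def media_type(header):
    """Return the lower-cased type/subtype of a Content-Type header, or None."""
    if not header:
        return None
    # Parameters such as charset or boundary follow the first ';'.
    base = header.split(";", 1)[0].strip().lower()
    return base if base.count("/") == 1 and " " not in base else None


def gate(content_type):
    """Status the modelled resource returns for a request body of this type.

    Assumption of this model: a missing or malformed header is rejected too;
    check how your JAX-RS runtime treats a request without Content-Type.
    """
    return 200 if media_type(content_type) == REQUIRED_TYPE else 415


def audit(headers):
    """For each header return (status, submittable_by_plain_html_form)."""
    return [(gate(h), media_type(h) in FORM_ENCTYPES) for h in headers]


# Constructed sample headers, not captured traffic.
SAMPLE = [
    "application/json",
    "application/json; charset=UTF-8",
    "application/x-www-form-urlencoded",
    "multipart/form-data; boundary=xyz",
    "text/plain",
    None,
]

if __name__ == "__main__":
    for header, (status, form) in zip(SAMPLE, audit(SAMPLE)):
        print(f"{header!r:45} -> {status} form-submittable={form}")
```

A cross-origin script that sets application/json itself triggers a CORS preflight, so the gate holds only while the server does not approve such preflights for untrusted origins.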