From 40b1280d764e2554620d967fe9560633b3160346 Mon Sep 17 00:00:00 2001 From: annaaa53 Date: Wed, 8 Jan 2025 11:02:32 +0100 Subject: [PATCH 1/3] Update extension to send POST request --- webextension/lib/api.js | 24 +++++++++++++++++++----- webextension/lib/certificatesManager.js | 4 ++-- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/webextension/lib/api.js b/webextension/lib/api.js index 3ebb93d4..25739dfb 100644 --- a/webextension/lib/api.js +++ b/webextension/lib/api.js @@ -16,14 +16,28 @@ CMH.api = {} */ CMH.api.requestFromUrl = async (urlTested, ip) => { const { host, port } = CMH.common.parseURL(urlTested) - + // We won't send "ip=" to the verification server if it is empty + if (ip === "") - arguments = 'api.php?host='+encodeURIComponent(host)+'&port='+port+'&sign' - else - arguments = 'api.php?host='+encodeURIComponent(host)+'&port='+port+'&ip='+ip+'&sign' + { + arguments = { + host: encodeURIComponent(host), + port: port, + sign: true + } + } + else + { + arguments = { + host: encodeURIComponent(host), + port: port, + sign: true, + ip:ip + } + } - const { cert, data:response_data, response } = await CMH.certificatesManager.getCertUrl(CMH.options.settings.checkServerUrl+arguments) + const { cert, data:response_data, response } = await CMH.certificatesManager.getCertUrl(CMH.options.settings.checkServerUrl+"api.php", false, arguments) if ((cert === null) || (response === null)) { return { error: 'SERVER_UNREACHABLE' } } diff --git a/webextension/lib/certificatesManager.js b/webextension/lib/certificatesManager.js index 9e883b40..a2eca0da 100644 --- a/webextension/lib/certificatesManager.js +++ b/webextension/lib/certificatesManager.js 
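Review bot: `host: encodeURIComponent(host)` in both branches still percent-encodes the hostname although it now travels in a JSON body, and the `json_decode` path that patch 2 adds to server-php/www/api.php does not URL-decode values the way `$_GET` does. For plain DNS names the call is a no-op, but a host containing reserved characters (a bracketed IPv6 literal, for instance) would presumably reach the server's host validation in encoded form; sending `host: host` keeps the wire value unambiguous. The two branches differ only in `ip`, so one object followed by `if (ip !== "") payload.ip = ip` would remove the duplication, and a declared name other than `arguments` (assigned here with no `let`/`const`, and not assignable in strict-mode code) is safer. The same `encodeURIComponent` use is in the Chromium/lib/api.js hunk of patch 3. requestFromUrl's body continues outside the hunk.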
@@ -13,7 +13,7 @@ CMH.certificatesManager = {} * @param {boolean} [httpHeadMethod=false] - Use HTTP HEAD method * Get the certificate of an URL. */ -CMH.certificatesManager.getCertUrl = async (urlTested, httpHeadMethod=false) => { +CMH.certificatesManager.getCertUrl = async (urlTested, httpHeadMethod=false, arguments={}) => { let response = null let response_data = null let cert = null @@ -34,7 +34,7 @@ CMH.certificatesManager.getCertUrl = async (urlTested, httpHeadMethod=false) => if (httpHeadMethod) { fetchInit = { method: 'HEAD' } } else { - fetchInit = {} + fetchInit = { method: 'POST', headers: {"Content-Type": "application/json"}, cache: 'no-cache', body: JSON.stringify(arguments) } } response = await fetch(urlTested, fetchInit) From a024fcfab461547713b1b384a9f652be12158ccd Mon Sep 17 00:00:00 2001 From: annaaa53 Date: Wed, 8 Jan 2025 11:28:00 +0100 Subject: [PATCH 2/3] Server update to handle GET and POST requests --- server-php/Dockerfile | 6 +++++- server-php/www/api.php | 11 +++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/server-php/Dockerfile b/server-php/Dockerfile index 6149f8b6..b32007ea 100644 --- a/server-php/Dockerfile +++ b/server-php/Dockerfile @@ -2,7 +2,7 @@ FROM php:apache RUN sed -i 's/^ServerTokens .*/ServerTokens Prod/g' /etc/apache2/conf-available/security.conf RUN sed -i 's/^ServerSignature .*/ServerSignature Off/g' /etc/apache2/conf-available/security.conf -RUN echo 'expose_php = Off' > /usr/local/etc/php/php.ini +RUN echo 'expose_php = Off' >> /usr/local/etc/php/php.ini RUN a2enmod ssl && service apache2 restart 
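Review bot: The JSDoc above getCertUrl is not updated for the third parameter added in this hunk; it still documents only `httpHeadMethod`. Add a line such as `@param {Object} [arguments={}] - Values serialised as the JSON body of the POST request`, and state there that the body is not sent when `httpHeadMethod` is true. Naming the parameter `arguments` shadows the built-in and is rejected in strict-mode code; `payload` or `body` would be clearer, and callers pass it positionally so they are unaffected. The Chromium/lib/certificatesManager.js hunk in patch 3 makes the same signature change, and the function body continues outside this hunk.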
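Review bot: With `fetchInit` changed in the `else` branch, every getCertUrl call that leaves `httpHeadMethod` false now sends a POST with a JSON body, including callers that pass no third argument, which get the body `{}`. Callers are outside this hunk, but if the function is also used to fetch the certificate of the page being checked, the extension would start issuing POST requests to arbitrary origins where it issued a plain GET before. Defaulting the third parameter to `null` and keeping `fetchInit = {}` when it is null would confine POST to the check-server call. The matching hunk in Chromium/lib/certificatesManager.js (patch 3) behaves the same way.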
@@ -10,6 +10,10 @@ COPY ./confs/apache-site.conf /etc/apache2/sites-available/cmh_api.conf COPY ./confs/cert /usr/local/etc/cmh_cert RUN a2dissite * && a2ensite cmh_api +RUN chmod 600 /usr/local/etc/cmh_cert/privkey.key && chown www-data:www-data /usr/local/etc/cmh_cert/privkey.key +RUN mkdir /var/tmp/cmh_cache +RUN chown www-data:www-data /var/tmp/cmh_cache/ + COPY ./www /var/www/cmh_api/ COPY ./vendor-static.tar.gz /tmp/ diff --git a/server-php/www/api.php b/server-php/www/api.php index 9a1b81ee..50364496 100644 --- a/server-php/www/api.php +++ b/server-php/www/api.php @@ -42,11 +42,22 @@ } // User inputs +$data = json_decode( file_get_contents("php://input") ); + +// For POST requests +if ( isset($data->url) ) $request_url = $data->url; +if ( isset($data->host) ) $request_host = $data->host; +if ( isset($data->port) ) $request_port = $data->port; +if ( isset($data->sign) ) $sign = $data->sign; +if ( isset($data->ip) ) $request_ip = $data->ip; + +// For GET requests if (isset($_GET['url'])) $request_url = $_GET['url']; if (isset($_GET['host'])) $request_host = $_GET['host']; if (isset($_GET['port'])) $request_port = $_GET['port']; if (isset($_GET['ip'])) $request_ip = $_GET['ip']; + // Service requested by the user $service = (object) [ 'host' => null, From 43d9296d9332ab5d60f5322e2b21d563cb9ff891 Mon Sep 17 00:00:00 2001 From: Ced Date: Wed, 8 Jan 2025 14:03:08 +0100 Subject: [PATCH 3/3] We have change the method used for the fetch api call. Previously we used the get method and now we use the post method. --- Chromium/lib/api.js | 8 +++++++- Chromium/lib/certificatesManager.js | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/Chromium/lib/api.js b/Chromium/lib/api.js index 38d72f62..41ab2c94 100644 --- a/Chromium/lib/api.js +++ b/Chromium/lib/api.js 
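Review bot: The added `RUN chmod 600 ... && chown www-data:www-data ...` runs after `COPY ./confs/cert /usr/local/etc/cmh_cert`, so the earlier image layer still holds privkey.key with whatever mode it had in the build context, and the key ships inside the image for anyone able to pull it. Setting owner and mode on the key in the COPY instruction itself (`--chown` and `--chmod`, the latter needs BuildKit) avoids the permissive layer, and mounting the key at run time would keep it out of the image entirely. Making www-data the owner also means any file-read flaw in the PHP code can reach the key; presumably that is accepted because api.php signs with it, and a comment saying so would help. For the cache directory, `RUN install -d -m 700 -o www-data -g www-data /var/tmp/cmh_cache` creates it with a restrictive mode in one step.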
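Review bot: The values taken from the decoded JSON body are assigned without a type check, so `$data->host`, `$data->port`, `$data->ip` or `$data->sign` can arrive as an array, object, number or boolean where the `$_GET` path normally yields strings. Whatever validation follows is outside this hunk, so guard at assignment, for example `if (isset($data->host) && is_string($data->host)) $request_host = $data->host;`, with a numeric check for the port. Because the `$_GET` block runs afterwards, a query-string value silently overrides the JSON body when a request carries both; selecting the source from `$_SERVER['REQUEST_METHOD']` would make the precedence explicit. `$sign` is set only on the POST path in this hunk, so it is worth confirming that GET requests carrying `&sign` are still handled further down.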
@@ -14,7 +14,13 @@ CMH.api = {} CMH.api.requestFromUrl = async (urlTested) => { const { host, port } = CMH.common.parseURL(urlTested) - const { data:response_data, response } = await CMH.certificatesManager.getCertUrl(CMH.options.settings.checkServerUrl+'api.php?host='+encodeURIComponent(host)+'&port='+port) + let arguments = { + host: encodeURIComponent(host), + port: port, + sign: true + } + + const { data:response_data, response } = await CMH.certificatesManager.getCertUrl(CMH.options.settings.checkServerUrl+"api.php", false, arguments); if ( response === null ) { return { error: 'SERVER_UNREACHABLE' } } diff --git a/Chromium/lib/certificatesManager.js b/Chromium/lib/certificatesManager.js index 86a4fe64..5f42bf2a 100644 --- a/Chromium/lib/certificatesManager.js +++ b/Chromium/lib/certificatesManager.js @@ -13,7 +13,7 @@ CMH.certificatesManager = {} * @param {boolean} [httpHeadMethod=false] - Use HTTP HEAD method * Get the certificate of an URL. */ -CMH.certificatesManager.getCertUrl = async (urlTested, httpHeadMethod=false) => { +CMH.certificatesManager.getCertUrl = async (urlTested, httpHeadMethod=false, arguments={}) => { let response = null let response_data = null @@ -21,7 +21,7 @@ CMH.certificatesManager.getCertUrl = async (urlTested, httpHeadMethod=false) => if (httpHeadMethod) { fetchInit = { method: 'HEAD' } } else { - fetchInit = {} + fetchInit = { method: 'POST', headers: {"Content-Type": "application/json"}, cache: 'no-cache', body: JSON.stringify(arguments)} } response = await fetch(urlTested, fetchInit)
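Review bot: The new payload adds `sign: true`, which the GET query it replaces (`api.php?host=...&port=...`) did not send, while the commit message describes only the change of method. The call still destructures just `data` and `response`, so nothing in this hunk shows the signature being verified; if this build does not verify it the flag only adds signing work on the server, and if it does, a short comment above the object naming where the signature is checked would document the intent. `let arguments` can be a `const` under another name, since `arguments` is not a valid binding name in strict-mode code. requestFromUrl's body continues outside the hunk.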