My testing team has found out that Spago allows HTTP method traversal for HTTP calls like POST & GET.
When an HTTP POST call is made, it should only respond to the HTTP POST call. If my testing team manually modifies the type of call from HTTP POST to HTTP GET and then sends the same data, it also gives a response. So how can I block this method traversal? SpagoBI is developed on JSP & Servlets. Please help if you know the solution.
SpagoBI is completely open source and the source code is also available.
I am using SpagoBI 5.1 version.
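
One way to enforce the expected method in a JSP/Servlet application, as an added example that is not part of the original post and not SpagoBI code: a servlet filter that answers 405 for any HTTP method outside an allow-list. The class name `MethodAllowListFilter` and the `allowedMethods` init-param are hypothetical, and the `javax.servlet` API is assumed.

```java
import java.io.IOException;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: rejects requests whose method is not in the "allowedMethods" init-param. */
public class MethodAllowListFilter implements Filter {
    private final Set<String> allowed = new LinkedHashSet<String>();
    private String allowHeader = "";

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        String param = cfg.getInitParameter("allowedMethods"); // assumed value, e.g. "POST"
        if (param == null || param.trim().isEmpty()) {
            // Fail closed: refuse to start rather than silently allow every method.
            throw new ServletException("allowedMethods init-param is required");
        }
        StringBuilder header = new StringBuilder();
        for (String m : param.split(",")) {
            String method = m.trim();
            if (method.isEmpty() || !allowed.add(method)) continue;
            if (header.length() > 0) header.append(", ");
            header.append(method);
        }
        allowHeader = header.toString();
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // HTTP method names are case-sensitive, so compare exactly.
        if (!allowed.contains(request.getMethod())) {
            response.setHeader("Allow", allowHeader); // tell the client what is accepted
            response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return; // the target servlet or JSP never sees the request
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

The filter is registered in `web.xml` with a `<filter-mapping>` whose `<url-pattern>` covers only the endpoints that should accept the listed methods; those patterns depend on the deployment and are not given in the post.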