diff --git a/rules/apis.py b/rules/apis.py
index 01a5636..91a10a1 100644
--- a/rules/apis.py
+++ b/rules/apis.py
@@ -66,7 +66,7 @@ def add_rule_api(request):
return JsonResponse({'status': 'success'})
-@api_view(['GET'])
+@api_view(['POST'])
def toggle_rule_status_api(request, rule_id):
"""Change status of an alerting rule."""
rule = get_object_or_404(Rule, id=rule_id)
@@ -79,7 +79,7 @@ def toggle_rule_status_api(request, rule_id):
return JsonResponse({'status': 'success'})
-@api_view(['GET'])
+@api_view(['POST'])
def duplicate_rule_api(request, rule_id):
"""Duplicate an alerting rule."""
new_rule = get_object_or_404(Rule, id=rule_id)
diff --git a/rules/templates/list-rules.html b/rules/templates/list-rules.html
index 431c97f..ee99c24 100644
--- a/rules/templates/list-rules.html
+++ b/rules/templates/list-rules.html
@@ -328,7 +328,8 @@ Delete Rule ?
var request = $.ajax({
url: "{% url 'duplicate_rule_api' 0 %}".replace("0", rule_id),
- method: "GET",
+ method: "POST",
+ headers: {"X-CSRFToken": "{{ csrf_token }}"},
});
request.done(function(response){
if (response.status == 'success'){location.reload()}
@@ -340,7 +341,7 @@ Delete Rule ?
rule_id = e.currentTarget.getAttribute('rule-id');
var request = $.ajax({
url: "/rules/api/v1/change_status/"+rule_id,
- method: "GET",
+ method: "POST",
headers: {"X-CSRFToken": "{{ csrf_token }}"},
success: function(){
if (e.currentTarget.textContent == "Disabled") {
@@ -407,7 +408,6 @@ Delete Rule ?
var request = $.ajax({
url: delete_url,
method: "POST",
- // data: JSON.stringify(rules_to_delete),
data: rules_to_delete,
contentType: "application/json"
});