mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-03-08 20:32:36 -04:00
Phone numbers and email addresses are showing up in URLs where we let users search for sent notifications by phone number or email address.

`GET` requests put the form data as a query string in the URL. This is problematic when people are searching by a recipient’s phone number or email address, because the URL may show up:

- in our server logs
- in our analytics
- in the user’s browser history

This is bad because these are all places where we don’t want people’s personal information. It’s not too bad when this is happening a handful of times. But it would be bad if we kept aggregating this information because it would allow us to track users across services.

So, while it’s not especially RESTful, it’s better for the search form to submit as a `POST` request. This way the phone number or email address goes in the body of the request and does not show up in the URL.
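
An added example, not part of the commit or the project's code: an access-log audit that flags requests whose query string carries a phone number or email address, the exposure the commit message describes. The log lines, URL paths and the `to` parameter name are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample access-log lines; paths and the "to" parameter are hypothetical.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /services/abc/notifications/sms?to=%2B12025550123 HTTP/1.1" 200 512
203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "GET /services/abc/notifications/email?to=jane.doe%40example.com HTTP/1.1" 200 498
203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "POST /services/abc/notifications/sms HTTP/1.1" 200 512
203.0.113.5 - - [01/Jan/2024:10:00:12 +0000] "GET /services/abc/notifications/sms?page=2 HTTP/1.1" 200 530
"""

REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
PHONE = re.compile(r"\+?[\d\s().-]{7,20}")


def classify(value):
    """Return 'email', 'phone' or None for a decoded query-string value."""
    value = value.strip()
    if EMAIL.fullmatch(value):
        return "email"
    digits = re.sub(r"\D", "", value)
    # Require a plausible digit count so values like page=2 are not flagged.
    if PHONE.fullmatch(value) and 7 <= len(digits) <= 15:
        return "phone"
    return None


def find_pii_in_urls(log_text):
    """List (line number, method, parameter, kind) for PII found in request URLs.

    The matched value is deliberately not returned, so the audit output
    does not become another copy of the personal data.
    """
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match["target"]).query
        for key, value in parse_qsl(query, keep_blank_values=True):
            kind = classify(value)
            if kind:
                findings.append((lineno, match["method"], key, kind))
    return findings


if __name__ == "__main__":
    for finding in find_pii_in_urls(SAMPLE_LOG):
        print(finding)
```

The `POST` line produces no finding because the request line in the log carries only the path; the search term travels in the body.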