185c8bac82
* Make it an error to supply empty API credentials, like this: `https://danbooru.donmai.us/posts.json?login=&api_key=`. Some clients did this for some reason. * Make it so that the `login` and `api_key` params are only allowed as URL params, not as POST or PUT body params. Allowing them as body params could interfere with the `PUT /api_keys/:id` endpoint, which takes an `api_key` param.
1.5 KiB
1.5 KiB