Daniel Compton

I was looking through our app logs recently and saw this warning message printed from our headless Chrome service:

[1208/221244.718990:ERROR:devtools_http_handler.cc(636)] Using unsafe HTTP verb GET to invoke /json/new. This action will stop supporting GET and POST verbs in future versions.

After some searching, I found that the solution is to change the request to use PUT instead of GET. It appears as if the change is to prevent XSRF attacks against the DevTools HTTP server.

I found this by using the Chromium code search tool and looking at the source of the warning. The blame led me to a discussion with Paul Irish on what should be used instead. The consensus was to use PUT. An example of this change can be seen in the Lighthouse project.