Merge pull request #4369 from ollama/mxyng/post-token

use post token

app/lifecycle/updater.go

@@ -56,13 +56,13 @@ func IsNewReleaseAvailable(ctx context.Context) (bool, UpdateResponse) {
 	query.Add("nonce", nonce)
 	requestURL.RawQuery = query.Encode()
 
-	data := []byte(fmt.Sprintf("%s,%s", http.MethodGet, requestURL.RequestURI()))
+	data := []byte(fmt.Sprintf("%s,%s", http.MethodPost, requestURL.RequestURI()))
 	signature, err := auth.Sign(ctx, data)
 	if err != nil {
 		return false, updateResp
 	}
 
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, requestURL.String(), nil)
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, requestURL.String(), nil)
 	if err != nil {
 		slog.Warn(fmt.Sprintf("failed to check for update: %s", err))
 		return false, updateResp

server/auth.go

@@ -57,7 +57,7 @@ func getAuthorizationToken(ctx context.Context, challenge registryChallenge) (st
 	}
 
 	sha256sum := sha256.Sum256(nil)
-	data := []byte(fmt.Sprintf("%s,%s,%s", http.MethodGet, redirectURL.String(), base64.StdEncoding.EncodeToString([]byte(hex.EncodeToString(sha256sum[:])))))
+	data := []byte(fmt.Sprintf("%s,%s,%s", http.MethodPost, redirectURL.String(), base64.StdEncoding.EncodeToString([]byte(hex.EncodeToString(sha256sum[:])))))
 
 	headers := make(http.Header)
 	signature, err := auth.Sign(ctx, data)
@@ -67,7 +67,7 @@ func getAuthorizationToken(ctx context.Context, challenge registryChallenge) (st
 
 	headers.Add("Authorization", signature)
 
-	response, err := makeRequest(ctx, http.MethodGet, redirectURL, headers, nil, nil)
+	response, err := makeRequest(ctx, http.MethodPost, redirectURL, headers, nil, nil)
 	if err != nil {
 		return "", err
 	}