Our application recently undergone the security test, one of findings indicates that our application accepts modified requests where the HTTP method is changed from POST to GET. This may lead to exposure of the sensitive information transmitted in the URI string.
1. Reject request which do not use the expected HTTP method.
2. Transmit all sensitive information in the encrypted body part of POST requests
Please help recommend solution to mitigate this issue.