Github issue 34380: Restricted controller to handle only POST requests.

Author: Melnychuk-Alexandr

app/code/Magento/Checkout/Controller/Sidebar/UpdateItemQty.php

@@ -62,9 +62,14 @@ public function __construct(
 
     /**
      * @return $this
+     * @throws LocalizedException
      */
     public function execute()
     {
+        if (!$this->getRequest()->isPost()) {
+            throw new LocalizedException(__('Wrong request.'));
+        }
+
         $itemId = (int)$this->getRequest()->getParam('item_id');
         $itemQty = (float)$this->getRequest()->getParam('item_qty') * 1;
         $itemQty = $this->quantityProcessor->prepareQuantity($itemQty);