The forthcoming release of version JobScheduler 1.7 will bring restrictions to the JobScheduler Engine commands that can be carried out via HTTP GET. From version 1.7 onwards only "read" access will be allowed.
We have decided to make this change in order to be able to prohibit cross-site scripting.
All <show_... /> commands will be allowed. Other commands such as <start_job …/>, <add_order …/>, <terminate …/> etc. will be prohibited.
We will be making a plugin available for users of HTTP GET, to enable commands to be sent from users' own applications to the JobScheduler Engine. This will require a modified URL but will enable all commands to be executed via HTTP GET.
See also: How to run JobScheduler with Jetty