The following code using POST returns security error

var querys = GetJobSearchQuery(jobname, prodName, userID, sortingList == "JobAutoSys" ? true : false);

    var hostweburl = decodeURIComponent(getQueryStringParameter("SPHostUrl"));

    var appweburl = decodeURIComponent(getQueryStringParameter("SPAppWebUrl"));

    var executor = new SP.RequestExecutor(appweburl);

    var url = appweburl + "/_api/SP.AppContextSite(@target)/web/lists/getbytitle('JobAutoSys')/GetItems(query=@v1)?" + "@v1=" + JSON.stringify(querys) + "@target='" + hostweburl + "'";

    executor.executeAsync({

    url: url,

    method: "POST",

    dataType: "json",

    headers: {

         "X-RequestDigest": NWF$("#__REQUESTDIGEST").val(),

            'content-type': 'application/json;odata=verbose',

         "Accept": "application/json; odata=verbose" },

    success: function (data) {

The reason to use POST is because I have to use caml query. Can anybody let me know what is wrong?