You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Although not documented or defined in the ARK spec, the general behavior of the existing predominant ARK resolver is to essentially ignore the HTTP method and simply return the target location.
Modern frameworks expect well defined behavior for HTTP methods, with a default response of 405 if the method is not explicitly supported.
Goal here is to explicitly enable support for HTTP HEAD, PUT, and POST methods in addition to the existing GET method support. In the cases of PUT and POST, the body should be ignored and not loaded to avoid resource consumption attackes.
The text was updated successfully, but these errors were encountered:
HEAD and GET requests are supported. POST and PUT may be added if demand, but these can be problematic from a security POV since need to carefully handle a potential barrage of large request bodies.
Although not documented or defined in the ARK spec, the general behavior of the existing predominant ARK resolver is to essentially ignore the HTTP method and simply return the target location.
Modern frameworks expect well defined behavior for HTTP methods, with a default response of 405 if the method is not explicitly supported.
Goal here is to explicitly enable support for HTTP HEAD, PUT, and POST methods in addition to the existing GET method support. In the cases of PUT and POST, the body should be ignored and not loaded to avoid resource consumption attackes.
The text was updated successfully, but these errors were encountered: