Skip to content

/play1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Define allowed methods used in 'X-HTTP-Method-Override' #1300

Closed
xael-fry opened this issue Mar 14, 2019 · 1 comment
Closed

Define allowed methods used in 'X-HTTP-Method-Override' #1300

xael-fry opened this issue Mar 14, 2019 · 1 comment
Assignees
@xael-fry
Labels
defect
Milestone
1.5.3

Comments

@xael-fry
Copy link
Member

@xael-fry xael-fry commented Mar 14, 2019

Play Version (1.5.x / etc)

Version 1.5

Operating System (Ubuntu 15.10 / MacOS 10.10 / Windows 10)

Windows 7 or linux

JDK

Oracle 1.8

Expected Behavior

I want to be able to limit method that could be defined in 'X-HTTP-Method-Override'

Actual Behavior

If 'X-HTTP-Method-Override' is defined all method will be handled by Play, we want to limit the impact of this header
@xael-fry xael-fry changed the title Define methods used in 'X-HTTP-Method-Override' Define allowed methods used in 'X-HTTP-Method-Override' Mar 14, 2019
xael-fry pushed a commit to xael-fry/play that referenced this issue Mar 14, 2019
Alexandre Chatiron
[playframework#1300] feat: Define allowed methods used in 'X-HTTP-Met…
Loading status checks…
184c4af 
…hod-Override'
@xael-fry xael-fry mentioned this issue Mar 15, 2019
Merged
xael-fry pushed a commit to xael-fry/play that referenced this issue Mar 15, 2019
Alexandre Chatiron
[playframework#1300] feat: Define allowed methods used in 'X-HTTP-Met…
Loading status checks…
ebf6ceb 
…hod-Override'
@xael-fry xael-fry mentioned this issue Mar 18, 2019
Merged
5 of 5 tasks complete
xael-fry added a commit that referenced this issue Mar 19, 2019
@xael-fry
Merge pull request #1301 from xael-fry/1300_x-http-method-override_al…
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
7efdc6e 
…lowed_method_config

[#1300] feat: Define allowed methods used in 'X-HTTP-Method-Override'
xael-fry pushed a commit to xael-fry/play that referenced this issue Mar 19, 2019
Alexandre Chatiron
[playframework#1300] feat: Define allowed methods used in 'X-HTTP-Met…
Loading status checks…
c6831bd 
…hod-Override'
xael-fry pushed a commit to xael-fry/play that referenced this issue Mar 19, 2019
Alexandre Chatiron
[playframework#1300] feat: Define allowed methods used in 'X-HTTP-Met…
Loading status checks…
80a94a6 
…hod-Override'
xael-fry added a commit that referenced this issue Mar 21, 2019
@xael-fry
Merge pull request #1302 from xael-fry/1300_x-http-method-override_al…
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
17a3efa 
…lowed_method_config_for_1.4.x

[#1300] feat: Define allowed methods used in 'X-HTTP-Method-Override'
@xael-fry xael-fry added this to the 1.5.3 milestone Mar 21, 2019
@xael-fry xael-fry added the defect label Mar 21, 2019
@xael-fry xael-fry self-assigned this Mar 21, 2019
@Fraserhardy

This comment has been minimized.

Sign in to view
Copy link
Contributor

@Fraserhardy Fraserhardy commented Oct 22, 2019

We've found that although the header is disabled, its still possible to use X-HTTP-Method-Override by passing as a query string. This is handled by play.mvc.Router#route(play.mvc.Http.Request) separately from the Header.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@xael-fry xael-fry

Labels
defect
Projects
None yet
Milestone
  1.5.3
2 participants
@xael-fry @Fraserhardy
You can’t perform that action at this time.