Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Define allowed methods used in 'X-HTTP-Method-Override' #1300

Closed
xael-fry opened this issue Mar 14, 2019 · 1 comment
Closed

Define allowed methods used in 'X-HTTP-Method-Override' #1300

xael-fry opened this issue Mar 14, 2019 · 1 comment
Assignees
Labels
Milestone

Comments

@xael-fry
Copy link
Member

@xael-fry xael-fry commented Mar 14, 2019

Play Version (1.5.x / etc)

Version 1.5

Operating System (Ubuntu 15.10 / MacOS 10.10 / Windows 10)

Windows 7 or linux

JDK

Oracle 1.8

Expected Behavior

I want to be able to limit method that could be defined in 'X-HTTP-Method-Override'

Actual Behavior

If 'X-HTTP-Method-Override' is defined all method will be handled by Play, we want to limit the impact of this header

@xael-fry xael-fry changed the title Define methods used in 'X-HTTP-Method-Override' Define allowed methods used in 'X-HTTP-Method-Override' Mar 14, 2019
xael-fry pushed a commit to xael-fry/play that referenced this issue Mar 14, 2019
xael-fry pushed a commit to xael-fry/play that referenced this issue Mar 15, 2019
xael-fry added a commit that referenced this issue Mar 19, 2019
…lowed_method_config

[#1300] feat: Define allowed methods used in 'X-HTTP-Method-Override'
xael-fry pushed a commit to xael-fry/play that referenced this issue Mar 19, 2019
xael-fry pushed a commit to xael-fry/play that referenced this issue Mar 19, 2019
xael-fry added a commit that referenced this issue Mar 21, 2019
…lowed_method_config_for_1.4.x

[#1300] feat: Define allowed methods used in 'X-HTTP-Method-Override'
@xael-fry xael-fry added this to the 1.5.3 milestone Mar 21, 2019
@xael-fry xael-fry added the defect label Mar 21, 2019
@xael-fry xael-fry self-assigned this Mar 21, 2019
@Fraserhardy

This comment has been minimized.

Copy link
Contributor

@Fraserhardy Fraserhardy commented Oct 22, 2019

We've found that although the header is disabled, its still possible to use X-HTTP-Method-Override by passing as a query string. This is handled by play.mvc.Router#route(play.mvc.Http.Request) separately from the Header.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.