abp icon indicating copy to clipboard operation
abp copied to clipboard
verified publisher icon abpframework

HTTP issue TRACE, PATCH, and OPTIONS

Open Keertesh opened this issue 1 year ago • 5 comments

Documentation

Please check the official documentation before asking questions: https://docs.abp.io

GitHub Issues

GitHub issues are for bug reports, feature requests, and other discussions about the framework.

If you're creating a bug/problem report, please include the following:

  • Your ABP Framework 7.3.1.
  • Your User Interface type (Angular)
  • Your database provider(EF Core)

HTTP offers several methods (or verbs) that can be used to perform actions on the web server and can sometimes be exploited by attackers. An application may disallow the HTTP requests to perform TRACE, PATCH, and OPTIONS operations on the resource representation. This might allow attackers to bypass intended access restrictions and conduct resource modification and deletion attacks since some applications allow these methods to modify the state of the server

Keertesh avatar Feb 06 '24 06:02 Keertesh

image

will this be taken care of with HTTPS or do I have to use ABP settings to make those changes?

Keertesh avatar Feb 07 '24 06:02 Keertesh

@maliming

Keertesh avatar Feb 08 '24 06:02 Keertesh

Hi

You can customize the code to solve the above situation.

maliming avatar Feb 08 '24 06:02 maliming

please sned me any references or url if you have thanks.

Keertesh avatar Feb 09 '24 08:02 Keertesh

hi

https://stackoverflow.com/questions/64349057/disable-http-options-method-in-asp-net-core-3-1

maliming avatar Feb 09 '24 09:02 maliming