Disable HTTP Options method in ASP.Net Core 3.1
We have a requirement of disabling the HTTP OPTIONS method in an ASPNET Core Web application due as a part of security fixes. How can we disable the HTTP OPTIONS method in ASP.Net core 3.1 API?
Solution
Here is a demo with middleware: Add this to your startup Configure:
app.Use(async (context, next) =>
{
// Do work that doesn't write to the Response.
if (context.Request.Method=="OPTIONS")
{
context.Response.StatusCode = 405;
return;
}
await next.Invoke();
// Do logging or other work that doesn't write to the Response.
});
result:
Or you can apply [HttpGet] [HttpPost] [HttpPut] ... on your action method in controller.Here is an official document about the Http Verbs.
- AJAX implementation doesn't work properly for "like" button ASP.NET Core 2.1
- ASP.Net Core 2.0 MVC website Styles and content disappear when opening Bootstrap Modal Dialog
- Rate limit policy settings is not applied using AspNetCoreRateLimit
- ASP.NET Core appsettings.json update in code
- Asp.Net Core Swagger Sort Tags Alphabetically
- ASP.NET Core 3.0 Web API - controller method not hit
- Conditional @section for stylesheets and scripts
- How to wait for MSSQL in Docker Compose?
- How to use middleware to instead of controller initialize?
- Can't figure out is it possible to use multiple schemas in Hot Chocolate for ASP.NET Core
- Inject ITokenAcquisition in Singleton Service does not work with ASPNETCORE_ENVIRONMENT=Development
- How to register generic type mediatR handler?
- .Net Core ValidateAntiForgeryToken throwing web api 400 error
- Is it possible to add multiple audiences to AAD bearer token?
- Jwt Authentication is not working in Blazor Web Assembly (Server and Client)
- What does "= []" mean in C# / .NET Core ? How convert to .NET 4.8?
- Slow log in Redis Cache
- Change Angular output directory from wwwroot to another folder in ASP.NET
- How to utilize StrawberryShake tools for schema located in github
- Command line connection string for EF core database update
- ASP.NET Core 8.0: Swagger Error When Using IFormFile in Upload Endpoint
- Problem in passing a form with input fields and table data from view to controller in ASP.NET Core using jQuery Ajax
- Assets file obj\project.assets.json doesn't have a target - VS2017
- EF Core why are related properties being returned
- ASP.NET Core MVC : extend how the RequiredAttribute works
- How to enable to select culture with both url and cookie in asp.net core razor and blazor pages?
- ASP.NET Core versioning, UrlSegmentApiVersionReader, routes match nonsense version numbers
- How to delete the session state cookie?
- ASP.NET Core Authorize attribute not working with JWT
- Problem with JWT authorization in ASP.NET Core