asp.net-corehttp-headershttp-verbs
Disable HTTP Options method in ASP.Net Core 3.1
We have a requirement of disabling the HTTP OPTIONS method in an ASPNET Core Web application due as a part of security fixes. How can we disable the HTTP OPTIONS method in ASP.Net core 3.1 API?
Solution
Here is a demo with middleware: Add this to your startup Configure:
app.Use(async (context, next) =>
{
// Do work that doesn't write to the Response.
if (context.Request.Method=="OPTIONS")
{
context.Response.StatusCode = 405;
return;
}
await next.Invoke();
// Do logging or other work that doesn't write to the Response.
});
result:
Or you can apply [HttpGet] [HttpPost] [HttpPut] ... on your action method in controller.Here is an official document about the Http Verbs.
- Dependency Injection on AuthorizationOptions Requirement in DotNet Core
- Enable OPTIONS header for CORS on .NET Core Web API
- ASP.NET Core 8 OpenID Connect - SUB claim missing on User.Identity
- Pager in .Net Core 2.1
- What is different in my Ajax vs XMLHttpRequest Call that lets my Server understand Ajax but not XMLHttpRequest?
- Enable interactive render mode on Blazor templates accounts pages
- .Net Core SignalR Connection between services has an issue
- How to register multiple implementations of the same interface with different dependencies
- ASP.NET Core hosting environment variable ignored
- How to get return value from Task wait()
- User.Identity.IsAuthenticated always false in .net core custom authentication
- I want to pre-fill an input of type IFormFile
- Net Core Simple way to Find Temperature from Openweather API
- Get email claim from identity after upgrading to .NET 8 not working
- Unable to send the List of model data to a view using asp.net mvc
- Routing with Areas and Controller Name (asp.net core)
- Bind gRPC services to specific port in aspnetcore
- Redis cache in .NET 8 is not taking effect?
- Use React Authentication with .NET backend?
- List users with roles in a razor page using asp.net 6.0 Identity
- Correct handling of formless AJAX POST and AntiForgery in C# Razor Pages
- how to load partial view in ajax in asp.net core
- Entity Framework Core multiple connection strings on same DBContext?
- error A value of type 'int' cannot be used as a default parameter because there are no standard conversions to type
- What is this string inside Blazor components HTML tag
- Blazor Server: Breadcrumb change using JavaScript persists across pages
- .net blazor new debug profile lacks .css .js why?
- How to get results from a Postgresql function using EF Core?
- ASP Net identity two factor authentication last expired token is getting validated successfully
- Why string property must be declared as nullable string in Entity Framework Core when corresponding database table column is nullable