Spring Framework / SPR-16836

Restrict allowed HTTP methods in HiddenHttpMethodFilter

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: None
    • Fix Version/s: 4.3.18, 5.0.7, 5.1 RC1
    • Component/s: Reactive, Web
    • Labels: None
    • Last commented by a User: false

      Description

      Currently the HiddenHttpMethodFilter allows requests to change the HTTP method to any method. Both Servlet and Reactive variants should restrict the allowed HTTP methods to: PUT, PATCH and DELETE.
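
The difference between the two behaviours described above, as an added stand-alone Java example (not Spring's source code). The class and method names are hypothetical, the sample inputs are constructed, and the model assumes that only POST requests are eligible for an override and that the hidden value is upper-cased before use.

```java
import java.util.Locale;
import java.util.Set;

/** Added illustration, not Spring's source: models only the method-override decision. */
public class HiddenMethodOverrideDemo {

    // Allowlist named in the issue: only these methods may replace a POST.
    static final Set<String> ALLOWED_METHODS = Set.of("PUT", "PATCH", "DELETE");

    /** Behaviour the issue describes as current: any hidden value becomes the method. */
    static String resolveUnrestricted(String httpMethod, String hiddenValue) {
        if ("POST".equals(httpMethod) && hiddenValue != null && !hiddenValue.isEmpty()) {
            return hiddenValue.toUpperCase(Locale.ENGLISH);
        }
        return httpMethod;
    }

    /** Behaviour the issue asks for: override only when the value is on the allowlist. */
    static String resolveRestricted(String httpMethod, String hiddenValue) {
        if ("POST".equals(httpMethod) && hiddenValue != null && !hiddenValue.isEmpty()) {
            String candidate = hiddenValue.toUpperCase(Locale.ENGLISH);
            if (ALLOWED_METHODS.contains(candidate)) {
                return candidate;
            }
        }
        return httpMethod; // anything off the allowlist is handled as the original method
    }

    public static void main(String[] args) {
        // Constructed samples: {actual request method, value of the hidden form field}
        String[][] samples = {
            {"POST", "delete"}, {"POST", "PATCH"}, {"POST", "TRACE"},
            {"POST", "GET"}, {"POST", "FOO"}, {"GET", "DELETE"}, {"POST", null}
        };
        System.out.printf("%-7s %-8s %-13s %s%n", "actual", "hidden", "unrestricted", "restricted");
        for (String[] s : samples) {
            System.out.printf("%-7s %-8s %-13s %s%n", s[0], s[1],
                    resolveUnrestricted(s[0], s[1]), resolveRestricted(s[0], s[1]));
        }
    }
}
```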

            People

            • Assignee:
              bclozel Brian Clozel
              Reporter:
              bclozel Brian Clozel
              Last updater:
              Stéphane Nicoll
            • Votes: 0
            • Watchers: 2

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                5 weeks, 1 day ago