uppercaseMethodValidator

Version

Accepts only methods consisting of uppercase letters A-Z, up to maxLength characters. The strictest policy: GET and POST pass, but PROPFIND2 (digit) and get (lowercase) are answered with 501 Not Implemented. See examples/configuration for a runnable config.

Example Configuration

components:
methodValidator:
uppercaseMethodValidator:
maxLength: 10
components:
   methodValidator:
     uppercaseMethodValidator:
       maxLength: 10

Syntax

uppercaseMethodValidator:
allowTrace: <boolean>
maxLength: <number>
uppercaseMethodValidator:
  allowTrace: <boolean>
  maxLength: <number>

Attributes

NameRequiredDefaultDescriptionExamples
allowTracefalsefalseWhether to allow the TRACE HTTP method. TRACE echoes the request back in the response body and is a classic vector for cross-site tracing attacks, so it is rejected unless explicitly allowed.true
maxLengthfalse20Maximum length of an accepted method. Methods longer than this are rejected.16

Can be used in