Hi, I recently found in my error logs a request to a page using METHOD=OPTIONS... I didn't even know this could exist. Apparently, these requests are sent by Microsoft Office, in this occurrence, while receiving some CSV file. This caused an error in my system because no parameter the template was expecting in the URL or the FORM scope was present. Obviously, my application does not support these requests, and I don't intend to do it.
I haven't found any procedure that would limit methods at server level in MSIS. So I'm planning to add a check in my Application.cfm to limit requests to the only types I support, i.e. POST and GET, i.e.:

    <CFIF listFindNocase("POST,GET", CGI.REQUEST_METHOD) EQ 0>
        <cfheader statuscode="405" statustext="Method Not Allowed">
        <CFABORT>
    </CFIF>

But I see many other types of requests ( http://www.askapache.com/online-tools/request-method-scanner/ ) including MOVE, COPY or DELETE!

My question is: is it safe to allow only GET and POST? What is the best practice in CF?
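
An added example, not part of the original post: the same Application.cfm allowlist, extended to send the `Allow` header that HTTP requires on a 405 response and to log each rejected request so unexpected methods show up in monitoring. The log file name `rejected_methods` and the variable names are assumptions made for this illustration.

```cfml
<!--- Added example: method allowlist for Application.cfm (not the poster's code). --->
<cfset allowedMethods = "GET,POST">

<!--- HTTP method names are case-sensitive, so compare the raw value with listFind.
      An empty method, or one containing a comma, matches no list element. --->
<cfif listFind(allowedMethods, CGI.REQUEST_METHOD) EQ 0>

    <!--- The method string is client-supplied: bound its length and strip
          everything except letters before it is written to a log line. --->
    <cfset loggedMethod = reReplace(left(CGI.REQUEST_METHOD, 16), "[^A-Za-z]", "", "all")>

    <!--- "rejected_methods" is a hypothetical log file name. --->
    <cflog file="rejected_methods" type="warning"
           text="Rejected method [#loggedMethod#] for #CGI.SCRIPT_NAME# from #CGI.REMOTE_ADDR#">

    <!--- A 405 response must carry an Allow header listing the supported methods. --->
    <cfheader statuscode="405" statustext="Method Not Allowed">
    <cfheader name="Allow" value="#replace(allowedMethods, ',', ', ', 'all')#">
    <cfabort>
</cfif>
```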