Subscribe

UiPath Installation and Upgrade

The UiPath Installation and Upgrade Guide

Disabling the HTTP Method Override Request

Some web frameworks provide a way to override the HTTP method in the request by supplying specific HTTP request headers, such as X-HTTP-Method, XHTTP-Method-Override, and X-Method-Override.

Authorization in Orchestrator is performed, by default, after HTTP headers are consumed. As a result, verb tunneling is not something you should worry about.

However, for an added extra layer of security, you can disable the X-HTTP-METHOD-OVERRIDE header in the web.config file of your Orchestrator instance, by setting its size limit to 0.

For example, you can add the following in the config file:

<security>
     <requestFiltering>
          <requestLimits>
              <headerLimits>
                    <add header="X-HTTP-METHOD-OVERRIDE" sizeLimit="0" />
              </headerLimits>
           </requestLimits>
     </requestFiltering>
</security>

Updated 2 months ago


Disabling the HTTP Method Override Request


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.