订阅

UiPath Installation and Upgrade

UiPath 安装和升级指南

禁用 HTTP 方法覆盖请求

Some web frameworks provide a way to override the HTTP method in the request by supplying specific HTTP request headers, such as X-HTTP-Method, XHTTP-Method-Override, and X-Method-Override.

Authorization in Orchestrator is performed, by default, after HTTP headers are consumed. As a result, verb tunneling is not something you should worry about.

However, for an added extra layer of security, you can disable the X-HTTP-METHOD-OVERRIDE header in the web.config file of your Orchestrator instance, by setting its size limit to 0.

例如,您可以在配置文件中添加以下代码:

<security>
     <requestFiltering>
          <requestLimits>
              <headerLimits>
                    <add header="X-HTTP-METHOD-OVERRIDE" sizeLimit="0" />
              </headerLimits>
           </requestLimits>
     </requestFiltering>
</security>

大约一年前更新


禁用 HTTP 方法覆盖请求


建议的编辑仅限用于 API 参考页面

您只能建议对 Markdown 正文内容进行编辑,而不能建议对 API 规范进行编辑。