Possibility to forbid all http verbs/methods by default or at least making this easier to achive #2326
Assignees
Labels
status: waiting-for-triage
An issue we've not yet triaged
Comments
spring-projects-issues
added
the
status: waiting-for-triage
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I have had personal exchanges with Ollie on this point. @odrotbohm, perhaps you would like to comment on your point of view here.
I know some people who are put off by the default behavior of having all their repositories with all http methods exposed and are discouraged from using spring-data-rest. I think they would be more comfortable with allowing specific http methods, at least modifying methods like DELETE, PUT, PATCH etc.
I built a RestConfigurer that first disallows everything and then allows it selectively.
In talking with Ollie, one of the ideas was that there should be an easier way to disallow all http methods or selectively allow individual ones. This could be done e.g. via additional attributes in the RepositoryRestResource annotation. Ollie had still further ideas via configuration switch that one could e.g. over it activate, everything could forbid, which is not explicitly permitted. Of course there are many other ideas and possibilities.
The idea/wish of the issue is that you can discuss about it. Thanks!
The text was updated successfully, but these errors were encountered: