Contact Details
No response
What happened?
Enabling PUT & DELETE can have big security risks - allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.
The OPTIONS method can expose sensitive information that may help a malicious actor to prepare more advanced attacks.
Although there can be other factors needed to delete & upload files (depending on the config like Methods being handled by application code and not web server).
Its still not good thing to enable these Methods. Please disable the PUT,DELETE & OPTIONS.
Version
1.0.2 (Default)
What browsers are you seeing the problem on?
Chrome
Relevant log output
Access-Control-Allow-Methods: PUT, GET, POST, OPTIONS,DELETE
Code of Conduct
Contact Details
No response
What happened?
Enabling PUT & DELETE can have big security risks - allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.
The OPTIONS method can expose sensitive information that may help a malicious actor to prepare more advanced attacks.
Although there can be other factors needed to delete & upload files (depending on the config like Methods being handled by application code and not web server).
Its still not good thing to enable these Methods. Please disable the PUT,DELETE & OPTIONS.
Version
1.0.2 (Default)
What browsers are you seeing the problem on?
Chrome
Relevant log output
Code of Conduct