Fortify Allowed header option

I am building a RESTful API. When the client uses an unsupported method such as GET on a resource that does not support it, I am returning a 405 with the Allow header, which lists the allowed methods:

Response

Status Code: 405 Method Not Allowed

Allow: DELETE, PUT, POST

Connection: keep-alive

Date: Mon, 08 Apr 2013 00:19:26 GMT

Fortify displays "insecure HTTP method(s)" on the web server. How does Fortify determine insecure HTTP methods?
