Proxy Endpoint HTTP allow method properties not working

skammili
Participant II

I have following proxy endpoint properties set

<HTTPProxyConnection>

<BasePath>/v1/data</BasePath>

<Properties>

<Property name="allow.http.method.GET">true</Property>

<Property name="allow.http.method.POST">false</Property>

<Property name="allow.http.method.PUT">false</Property>

<Property name="allow.http.method.DELETE">false</Property>

<Property name="allow.http.method.HEAD">false</Property>

<Property name="allow.http.method.OPTIONS">false</Property>

<Property name="allow.http.method.TRACE">false</Property>

<Property name="allow.http.method.PATCH">false</Property>

</Properties>

<VirtualHost>default</VirtualHost>

</HTTPProxyConnection>

But no luck, its allowing all methods. I see in trace session that these properties are there, so it is deployed.

Thanks, Sanjay

Solved Solved
0 7 3,518
2 ACCEPTED SOLUTIONS

I've not had the time to verify the behaviour of setting those properties, but there may be an alternative solution for what you're trying to achieve...

What about raising a fault based on the request method? You could do this as the first step.

<PreFlow name="PreFlow">
        <Request>
            <Step>
                <Condition>request.verb != "GET"</Condition>
                <Name>fault-method-not-allowed</Name>
            </Step>
	...

Where "method-not-allowed-fault" is a RaiseFault policy that could look like this:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RaiseFault enabled="true" continueOnError="false" async="false" name="fault-method-not-allowed">
	<DisplayName>fault-method-not-allowed</DisplayName>
	<FaultResponse>
		<Set>
			<StatusCode>405</StatusCode>
			<Headers>
				<Header name="Allow">GET</Header>
			</Headers>
		</Set>
	</FaultResponse>    
	<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</RaiseFault>

View solution in original post

Not applicable

HTTP properties "allow.http.method.<VERB>" is not supported in the recent releases. We have to handle through "RaiseFault" policy in the message flow, as suggested by Omid.

View solution in original post

7 REPLIES 7

I've not had the time to verify the behaviour of setting those properties, but there may be an alternative solution for what you're trying to achieve...

What about raising a fault based on the request method? You could do this as the first step.

<PreFlow name="PreFlow">
        <Request>
            <Step>
                <Condition>request.verb != "GET"</Condition>
                <Name>fault-method-not-allowed</Name>
            </Step>
	...

Where "method-not-allowed-fault" is a RaiseFault policy that could look like this:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RaiseFault enabled="true" continueOnError="false" async="false" name="fault-method-not-allowed">
	<DisplayName>fault-method-not-allowed</DisplayName>
	<FaultResponse>
		<Set>
			<StatusCode>405</StatusCode>
			<Headers>
				<Header name="Allow">GET</Header>
			</Headers>
		</Set>
	</FaultResponse>    
	<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</RaiseFault>

Thank you Omid for the aleternate solution.

Dear @skammili , Welcome to Apigee Community 🙂 Thank you for highlighting same. I can able to reproduce same, clearly it looks like a bug. We will get back to you and keep you updated.

Not applicable

HTTP properties "allow.http.method.<VERB>" is not supported in the recent releases. We have to handle through "RaiseFault" policy in the message flow, as suggested by Omid.

@docs , We need to update documentation & remove the references. Thank you 🙂

Removed from the docs. Thanks for the info.

Great, Thank you @Floyd Jones. That was super quick !