Nishant Bhardwaz

Reputation: 1001

Disable OPTIONS method call React + Spring boot

I have a frontend in React and a backend in Spring Boot. I have GET/PUT/POST/DELETE HTTP methods in the REST API, but for every request from the client an OPTIONS call is sent by the client (browser). Due to security reasons, I need to restrict these OPTIONS method calls from the client. At this moment, changing things at the API level is not feasible. Is there any kind of configuration to prevent this?
React application is deployed on IIS and Spring boot application on Tomcat.
React application using Axios as HTTP Client.
Note: I know the preflight request is sent by the browser and that this is why OPTIONS is getting invoked; I don't want to go in that direction.

Upvotes: 1

Views: 1728

Answers (1)

Mordechai

Reputation: 16284

These OPTIONS requests are part of the CORS specification, which states that every PUT or POST with content type application/json must be preflighted with OPTIONS to check the Access-Control-Allow-Origin header without causing any side effects.

I can't see any security issues with allowing OPTIONS, but in fact this is a security feature enforced by your browser.

To stop this behavior you should use same-origin requests. Other possibilities, which I won't recommend, would be to just use GETs for your POST requests or to POST with a content type other than application/json. And of course, you can write your own browser or connect from a native environment (such as HttpClient on a desktop or mobile app).

Upvotes: 1
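
The preflight rules the answer refers to, as an added example that is not part of the original answer: a small classifier that reports whether a browser would send an OPTIONS preflight for a given request and why. It is a simplification of the Fetch standard's safelist checks (it ignores header length limits, the Range header and upload listeners); the function name `needsPreflight` and the `example.test` origins are assumptions made for illustration.

```javascript
// Added example: decides whether a browser will send a CORS preflight (OPTIONS).
// Simplified from the Fetch standard's safelists; all origins/URLs used with it are constructed.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);

function needsPreflight(pageOrigin, requestUrl, method = "GET", headers = {}) {
  // Same origin means same scheme, host and port: CORS does not apply at all.
  // A relative URL (e.g. "/api/items" behind a reverse proxy) resolves to the page origin.
  if (new URL(requestUrl, pageOrigin).origin === new URL(pageOrigin).origin) {
    return { preflight: false, reasons: ["same-origin request"] };
  }
  const reasons = [];
  if (!SAFE_METHODS.has(method.toUpperCase())) {
    reasons.push(`method ${method.toUpperCase()} is not CORS-safelisted`);
  }
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (!SAFE_HEADERS.has(lower)) {
      reasons.push(`header ${name} is not CORS-safelisted`);
    } else if (lower === "content-type") {
      // Only the media type matters; parameters such as charset are ignored.
      const mediaType = String(value).split(";")[0].trim().toLowerCase();
      if (!SAFE_CONTENT_TYPES.has(mediaType)) {
        reasons.push(`Content-Type ${mediaType} is not CORS-safelisted`);
      }
    }
  }
  return { preflight: reasons.length > 0, reasons };
}

// Constructed scenario: UI served from one origin, API from another.
const UI = "https://ui.example.test";
const API = "https://api.example.test:8443/items";
console.log(needsPreflight(UI, API, "POST", { "Content-Type": "application/json" }));
console.log(needsPreflight(UI, "/api/items", "POST", { "Content-Type": "application/json" }));
```

The second call shows the same-origin case the answer recommends: when the UI and the API are reachable under one scheme, host and port, the same JSON POST produces no preflight.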
