UiPath Orchestrator

The UiPath Orchestrator Guide

Disabling HTTP Method Override Requests

Some web frameworks provide a way to override the HTTP method in the request by supplying specific HTTP request headers, such as X-HTTP-Method, XHTTP-Method-Override, and X-Method-Override.

Authorization in Orchestrator is performed, by default, after HTTP headers are consumed. As a result, verb tunneling is not something you should worry about.

However, for an added extra layer of security, you can disable the X-HTTP-METHOD-OVERRIDE header in the web.config file of your Orchestrator instance, by setting its size limit to 0.

For example, you can add the following in the web.config file:

                    <add header="X-HTTP-METHOD-OVERRIDE" sizeLimit="0" />

Updated 3 years ago

Disabling HTTP Method Override Requests

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.