Chalarangelo/30-seconds-of-code

Suggestion: Add httpOptions feature for IT security

eunbeek opened this issue · 1 comments

This repo has a really good example, and I looked for the HTTP method because I worked as an IT Risk analyst before.
There are DELETE, GET, POST, PUT, REDIRECT methods, except TRACE. I usually used TRACE to check for the XST (Cross-Site Tracing) vulnerability.

Can I add an HttpTrace method example to this repo?

I will open a pull request soon.


// new
I am really sorry, but XMLHttpRequest does not accept TRACE now.
https://domstorm.skepticfx.com/modules/?id=53992f9bfd987e64ab000005

I do not want to break your format and style, so I suggest adding the OPTIONS method. This method also returns what HTTP methods are used on the website. Hackers run automation tools to check what methods are used, and when they figure out a misconfiguration, they list it and attack it.

So I suggest an httpOptions feature for your repo. It will be similar to your other code such as 'httpGet' or 'httpDelete'.

Thank you

Thanks, but this is outside the scope of this repo. We provide minimal examples. Advanced use-cases and tweaks are up to the user.
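
The OPTIONS check suggested in the issue above, written as an added example that is not part of the original thread or of the repository's snippets: it reads the `Allow` header a server returns to OPTIONS and reports methods outside an expected set, with TRACE called out separately. The function names, the `EXPECTED` list and the use of the global `fetch` from Node 18+ are assumptions made for this example.

```javascript
// Added example: audit the methods a server advertises in reply to OPTIONS.
// parseMethods, auditAllowedMethods and httpOptions are illustrative names.

// Methods the application is expected to expose (assumption; set per app).
const EXPECTED = ['GET', 'HEAD', 'POST', 'OPTIONS'];

// Split a comma-separated method list ("GET, post,,TRACE") into unique
// upper-case tokens. Method names are case-sensitive on the wire, but
// normalising catches sloppy server output.
function parseMethods(headerValue) {
  if (typeof headerValue !== 'string') return [];
  const seen = new Set();
  for (const token of headerValue.split(',')) {
    const m = token.trim().toUpperCase();
    if (m) seen.add(m);
  }
  return [...seen];
}

// Compare the advertised methods with the expected set.
function auditAllowedMethods(allowHeader, expected = EXPECTED) {
  const advertised = parseMethods(allowHeader);
  if (advertised.length === 0) {
    // No Allow header: the server may still accept the methods, so this
    // result is "inconclusive", not "ok".
    return { status: 'inconclusive', advertised, unexpected: [], trace: false };
  }
  const allowed = new Set(expected.map((m) => m.toUpperCase()));
  const unexpected = advertised.filter((m) => !allowed.has(m));
  return {
    status: unexpected.length ? 'review' : 'ok',
    advertised,
    unexpected,
    trace: advertised.includes('TRACE'), // the XST precondition from the issue
  };
}

// Send OPTIONS to a server you operate and audit its Allow header.
// Uses the global fetch available in Node 18+.
async function httpOptions(url, expected = EXPECTED) {
  const res = await fetch(url, { method: 'OPTIONS' });
  const audit = auditAllowedMethods(res.headers.get('allow'), expected);
  return { httpStatus: res.status, ...audit };
}
```

The `Allow` header only lists what the server advertises; a `review` result is a prompt to check the server configuration, and an `inconclusive` one means the methods have to be verified in the configuration itself.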