Allowed HTTP Methods
Optional Restrict certain HTTP methods to be used in your application.
This middleware works by default for *
HTTP Methods and will throw an 405 Method Not Allowed
error when the there will be a request sent with an HTTP Method that is not allowed.
It will help you solve this security problem.
Usage
This middleware is disabled globally by default. You can customize it both globally and per route like following:
export default defineNuxtConfig({ // Global security: { allowedMethodsRestricter: { methods: ['GET'] } } // Per Route routeRules: { '/my-secret-route': { security: { allowedMethodsRestricter: { methods: ['GET'] } } } }})
You can also disable the middleware globally or per route by setting allowedMethodsRestricter: false
.
Options
Rate limiter accepts following configuration options:
type HTTPMethod = 'GET' | 'POST' | 'DELETE' | 'PATCH' | 'POST' | string;export type AllowedHTTPMethods = { methods: HTTPMethod[] | '*'; throwError?: boolean;}
methods
- Default:
*
An array of allowed HTTP methods or '*'
to allow all methods.
throwError
- Default:
true
Whether to throw Nuxt Error with appriopriate error code and message. If set to false, it will just return the object with the error that you can handle.