❔ Authorization convention for requests other than get
I want to require authorization for all endpoints that accept request types other than get. By looking through the source code, I've only found
AuthorizeFilter. Should I be conditionally adding filters based on the existent filters? but IAuthorizeData is not a metadata filter, so it won't even be in that list. Should I make a custom X (I can't find the type that has to do with policy requirement extraction)?1 Reply
Looks like nothing has happened here. I will mark this as stale and this post will be archived until there is new activity.