Skip to Main Content
Forums

APEX

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

How to restrict allowed HTTP method for page submission on server

Oliver LimbergMar 7 2017 — edited Mar 9 2017

Hi,

our APEX application was checked by an external security company and unfortunately, it is possible to submit a page/ form using a GET even though it should only be possible using POST.

The company marked this as a weakness against Cross-Site Request Forgery.

Is there anything on a page-, application-, workspace- or instance-level to limit the submit of forms only to POST?

If it is not possible directly, do you have ideas how to achieve this?

Thanks in advance.
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Apr 6 2017
Added on Mar 7 2017
#apex-discussions
4 comments
1,805 views