You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@mikepizzo offered to ask a colleague at Microsoft, I'd like to await his response first so that I can better judge what impact the rule 901162 (which we want modified) actually has.
OWASP maintains a set of core rules which, among others, contains a list of "allowed content types for requests"
https://github.com/coreruleset/coreruleset/blob/a2f477d9d3171ac23cde3a3fc719356bc3db55db/rules/REQUEST-901-INITIALIZATION.conf#L200
which is then used in another rule
https://github.com/coreruleset/coreruleset/blob/a2f477d9d3171ac23cde3a3fc719356bc3db55db/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf#L1013.
This list is not set in stone, for example,
multipart/related
was added as a result of coreruleset/coreruleset#1721.To support OData multipart $batch requests, should the OData TC raise another issue to have
multipart/mixed
included?The text was updated successfully, but these errors were encountered: