ASP.NET - Login Form Using HEAD or OPTIONS Verb Instead of POST
I have a strange problem. I deployed an application to production. I have 2 action methods for logging in:

    AccountController
        [HttpGet] Login();
        [HttpPost] Login(..);

The form rendered to capture login information and perform the POST is a straightforward form:

    <form action="/account/login" class=" form-horizontal" method="post" novalidate="novalidate">
        <input name="__RequestVerificationToken" type="hidden" value="..">
        . .
    </form>

I log unhandled actions on the controller, which writes a message to the event log. For the message, see:

    Protected Overrides Sub HandleUnknownAction(actionName As String)
        EventLog.WriteEntry("Application", "controller '" + Me.GetType().Name + "' not have action '" + actionName + "' request of type '" + Me.ControllerContext.HttpContext.Request.HttpMethod + "'.")
    End Sub

I see this message logged:

    controller 'accountcontroller' not have action 'login' request of type 'head'.
    controller 'accountcontroller' not have action 'login' request of type 'options'.

Any idea why the request is coming in as HEAD or OPTIONS? I have no idea how the user is trying to connect to the application.

To be sure, you should check the user agent string logged with the request (if available), but I'd bet it's a bot inspecting the home page (possibly redirected to the login page).

See Googlebot HEAD request. I'd discourage user agent string filtering unless you want to keep up-to-date on the topic (and anyway a bad bot may fake a search engine spider's user agent string).

They usually go with a normal request; bots (as an attempt to optimize bandwidth usage?) first try HEAD, OPTIONS.

You have AFAIK 2 options: provide a specific controller method to handle them (if you care) or instruct bots using a robots.txt file. If you leave it as-is you shouldn't have trouble from both the security and SEO points of view (most bots go with GET if they receive 405 for HEAD, OPTIONS).

What's the right thing to do? If you care, I'd handle them by returning HTTP status 405 (not allowed). suggests HTTP status 501 (not implemented) may be a proper/better response.

MVC correctly returns method not allowed for an unsupported request method and fills the (mandatory) Allow field in the response (in this case Allow: GET,POST); the behavior is equivalent to this code:

    [ActionName("Login")]
    [HttpOptions, HttpHead]
    public ActionResult LoginForUnsupportedHttpMethods()
    {
        // Answer HEAD and OPTIONS on /account/login with 405 Method Not Allowed.
        return new HttpStatusCodeResult(HttpStatusCode.MethodNotAllowed);
    }

If you're not using ASP.NET MVC 5 you don't have the HttpStatusCode enumeration and you have to specify the return code manually: new HttpStatusCodeResult(405).

However, not every bot/spider/service correctly switches to GET if HEAD isn't supported (a notable example is downforeveryoneorjustme.com), so you may want to return the page for HEAD (and leave the default behavior for OPTIONS):

    // This method isn't required unless you want to return a different
    // HTTP status code or perform a special operation.
    [HttpOptions, ActionName("Login")]
    public ActionResult LoginForUnsupportedHttpMethods()
    {
        return new HttpStatusCodeResult(HttpStatusCode.MethodNotAllowed);
    }

    [HttpGet, HttpHead]
    public ActionResult Login() { /* ... */ }

    [HttpPost]
    public ActionResult Login(LoginModel model) { /* ... */ }

Optimization: if you're running a high traffic web-site and you regularly receive many HEAD requests which (in a measurable way) affect site performance, you may decide to return a stripped down version of the page for HEAD requests (possibly without server side processing and possibly unused client side stuff like CSS and scripts).
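
The answer's advice to check the user agent of these requests, as an added example that is not part of the original question or answer: a C# base controller whose HandleUnknownAction logs the method, client address and User-Agent, then answers HEAD and OPTIONS with 405. The class name `AuditedController`, the `Clean` helper, the length caps and the fixed `Allow: GET, POST` value are assumptions made for illustration.

```csharp
using System;
using System.Diagnostics;
using System.Net;
using System.Web.Mvc;

// Added example; AuditedController and Clean are hypothetical names.
public abstract class AuditedController : Controller
{
    // Request data is client-controlled: drop control characters and cap the
    // length so a crafted User-Agent cannot forge or flood event log entries.
    private static string Clean(string value, int max = 200)
    {
        if (string.IsNullOrEmpty(value)) return "(none)";
        var kept = Array.FindAll(value.ToCharArray(), c => !char.IsControl(c));
        var text = new string(kept);
        return text.Length <= max ? text : text.Substring(0, max);
    }

    protected override void HandleUnknownAction(string actionName)
    {
        var request = ControllerContext.HttpContext.Request;
        string method = Clean(request.HttpMethod, 16);

        // Same event log source as the question's code, plus who sent the request.
        EventLog.WriteEntry("Application",
            string.Format(
                "Controller '{0}' has no action '{1}' for {2}. Client: {3}, User-Agent: {4}",
                GetType().Name, Clean(actionName, 64), method,
                Clean(request.UserHostAddress, 64), Clean(request.UserAgent)),
            EventLogEntryType.Warning);

        bool probe = method.Equals("HEAD", StringComparison.OrdinalIgnoreCase)
                  || method.Equals("OPTIONS", StringComparison.OrdinalIgnoreCase);
        if (!probe)
        {
            // Default MVC behaviour: throws HttpException with status 404.
            base.HandleUnknownAction(actionName);
            return;
        }

        // A 405 response names the supported methods. Assumption: GET and POST,
        // matching the two Login actions; adjust per controller.
        Response.AppendHeader("Allow", "GET, POST");
        new HttpStatusCodeResult(HttpStatusCode.MethodNotAllowed)
            .ExecuteResult(ControllerContext);
    }
}
```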