Last active
May 17, 2021 20:04
-
-
Save scottzilla/b335db8998d1f73e4419bbb605f1cb92 to your computer and use it in GitHub Desktop.
Azure API Management (APIM) - BASE policy, inbound, choose-when checks the scheme of the requested url, and returns a 302.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- | |
| IMPORTANT: | |
| - Policy elements can appear only within the <inbound>, <outbound>, <backend> section elements. | |
| - Only the <forward-request> policy element can appear within the <backend> section element. | |
| - To apply a policy to the incoming request (before it is forwarded to the backend service), place a corresponding policy element within the <inbound> section element. | |
| - To apply a policy to the outgoing response (before it is sent back to the caller), place a corresponding policy element within the <outbound> section element. | |
| - To add a policy position the cursor at the desired insertion point and click on the round button associated with the policy. | |
| - To remove a policy, delete the corresponding policy statement from the policy document. | |
| - Policies are applied in the order of their appearance, from the top down. | |
| --> | |
| <policies> | |
| <inbound> | |
| <choose> | |
| <when condition="@(context.Request.OriginalUrl.Scheme == Uri.UriSchemeHttp)"> | |
| <return-response> | |
| <set-status code="302" reason="Temporary Redirect" /> | |
| <set-header name="Location" exists-action="override"> | |
| <value>@{ | |
| var uri = context.Request.OriginalUrl; | |
| return Uri.UriSchemeHttps + "://" + uri.Host + uri.Path + uri.QueryString; | |
| }</value> | |
| </set-header> | |
| </return-response> | |
| </when> | |
| </choose> | |
| </inbound> | |
| <backend> | |
| <forward-request /> | |
| </backend> | |
| <outbound> | |
| <on-error /> | |
| </policies> |
Hi,
I am looking for solution to redirect http to https.
I have an API with method POST when i tried this i got error 405 Method not allowed. It is redirecting to GET method. How can i change to POST?Any help is highly appreciated.
Regards,
Jason
I believe it is a security feature that POST cannot be redirected. It's a terrible practice from a security standpoint.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I am looking for solution to redirect http to https.
I have an API with method POST when i tried this i got error 405 Method not allowed. It is redirecting to GET method. How can i change to POST?
Any help is highly appreciated.
Regards,
Jason