Allowed HTTP Methods

Optional Restrict certain HTTP methods to be used in your application.

This middleware works by default for * HTTP Methods and will throw an 405 Method Not Allowed error when the there will be a request sent with an HTTP Method that is not allowed.

ℹ Read more about restricting HTTP methods here.

It will help you solve this security problem.

Usage

This middleware is disabled globally by default. You can customize it both globally and per route like following:

nuxt.config.ts

export default defineNuxtConfig({

  // Global
  security: {
    allowedMethodsRestricter: {
      methods: ['GET']
    }
  }

  // Per Route
  routeRules: {
    '/my-secret-route': {
      security: {
        allowedMethodsRestricter: {
          methods: ['GET']
        }
      }
    }
  }
})

You can also disable the middleware globally or per route by setting allowedMethodsRestricter: false.

Options

Rate limiter accepts following configuration options:

type HTTPMethod = 'GET' | 'POST' | 'DELETE' | 'PATCH' | 'POST' | string;

export type AllowedHTTPMethods = {
  methods: HTTPMethod[] | '*';
  throwError?: boolean;
}

`methods`

Default: *

An array of allowed HTTP methods or '*' to allow all methods.

`throwError`

Default: true

Whether to throw Nuxt Error with appriopriate error code and message. If set to false, it will just return the object with the error that you can handle.

Edit this page on GitHub

MiddlewareCORS Handler

MiddlewareBasic Auth