You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@struts.apache.org by Greg Huber <gr...@gmail.com> on 2016/11/14 14:48:20 UTC

lobal-allowed-methods

Although I have strict method switched on it allows me to call the save()
and delete() method on any class.

It seems that the one in struts-default adds these as a default:

<global-allowed-methods>execute,input,back,cancel,browse,save,delete,list,index</global-allowed-methods>

I can see why we want some, possibly only have methods that are required
for struts to function at a minimum.

<global-allowed-methods>execute</global-allowed-methods>

Re: lobal-allowed-methods

Posted by Lukasz Lenart <lu...@apache.org>.

Hm... it was added to lower const of migrating to 2.5.x, I think we
can drop this totally at some point.

2016-11-14 15:48 GMT+01:00 Greg Huber <gr...@gmail.com>:
> Although I have strict method switched on it allows me to call the save()
> and delete() method on any class.
>
> It seems that the one in struts-default adds these as a default:
>
> <global-allowed-methods>execute,input,back,cancel,browse,save,delete,list,index</global-allowed-methods>
>
> I can see why we want some, possibly only have methods that are required
> for struts to function at a minimum.
>
> <global-allowed-methods>execute</global-allowed-methods>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org