Hi guys,
Issue:
We are trying to disable all application\xml requests to our service.
Following the configuration for ServiceStack we used:
protected virtual HostConfig GetConfiguration()
{
return new HostConfig
{
EnableFeatures = Feature.All.Remove(Feature.Xml | Feature.Csv | Feature.Jsv | Feature.Soap),
DebugMode = isInDebug,
DefaultContentType = MimeTypes.Json,
};
}
We test it with fiddler by sending the POST request to Authentication method.
POST http://localhost/meiwi/api/auth/qics HTTP/1.1
Host: localhost
Content-Type: application/xml
Accept: */ *
<?xml version="1.0" encoding="UTF-8" ?>
<h:Authenticate xmlns:h="http://schemas.servicestack.net/types">
<h:UserName>userName</h:UserName>
<h:Password>password</h:Password>
</h:Authenticate>
It works as expected. The response is:
Error: UnauthorizedAccessException ‘Xml’ Features have been disabled by your administrator
But, if you remove the Accept mime then the login is succeeded.
POST http://localhost/meiwi/api/auth/qics HTTP/1.1
Host: localhost
Content-Type: application/xml
<?xml version="1.0" encoding="UTF-8" ?>
<h:Authenticate xmlns:h="http://schemas.servicestack.net/types">
<h:UserName>userName</h:UserName>
<h:Password>password</h:Password>
</h:Authenticate>
Environment:
ServiceStack v4.0.30319
.NET 4.5.2
Windows Server 2008 R2
IIS 7.5.7600
Questions:
Is it a bug?
How can I prevent application/xml handling by ServiceStack configuration?
Regards,
Dmitri