Http Error 405 (Method not allowed) on saving any configuration changes

[Harambear]

Hello!

I was recently tasked with shoring up application security for our company site using Optimizely CMS 12, and this included implementing a level 3 CSP.

I was planning on building a configurable CSP page for this effort, but came across your package and loved how robust it was with on-going support and features and wanted to try it out to see if it fits our needs.

I have 4.0 set up on our app and when trying to make any changes in the configuration, I'm getting hit with a 405 Method Not Allowed error.

Is this something you can help me resolve?

[GeekInTheNorth]

Hello @Harambear

This sounds potentially like something specific to the configuration of your website. Lets start with some key information first. Can you tell me the following:

• What version of .NET are you compiling for
• What version of Optimizely CMS are you using
• Do you use Opti Id for authentication
• Do you have any middleware that control what HTTP Methods are allowed?
• Do you have any redirect rules that are forcing or removing trailing slashes?

From my own experiments I get the 405 response when a redirect happens to remove a trailing slash. Make sure you exclude paths starting with /stott from these rules.

Regards,
Mark

[Harambear]

Hi Mark,

Thank you for taking the time to respond; I believe our issue is with having a redirect that removes trailing slashes.

We're using EPiServer.Web.Routing.RoutingOptions to do this, which does not provide a way to exclude certain paths. I'm working on a replacement solution today and will see if that fixes the 405 error.

I'll report back here once that's done (hopefully with good news!).

Thank you!

Regards,
KJ

[Harambear]

Hi Mark,

The exclusion of "/stott.security.optimizely" from trailing slash redirect worked!

Thank you again for your help.

Regards,
KJ