Forum Discussion
cjunior
Oct 19, 2018Nacreous
Hi,
Just to comment, you intent to mitigate violations into url that starts with "/web/dataset/", right? Considering that all violation are disabled/mitigated on JSON profile, I may suggest you only to change the "Content-Type" value to "*json*". I can't see when JSON objects will be posted without a "json" declared content type. In case it is possible, it should go to the global wildcard treatment while you don't set all possibilities on your url object header-based conditions.
Just to remember, wildcards are processed from more specific to less specific. You could check/set this on menu "Security > Application Security > URL > Wildcards Order"
Anyway, it could be my approach.
Regards.