validate incoming requests coming into the proxy-server.
[x] reject requests from inactive conduits
[x] PUT / POST / PATCH requests should have a body
[x] validate allowList
We decided that we would write the test though it wouldn't be functional because the actual code for the test is not implemented. The idea is to make the test fail until the code is implemented and the test should pass once the code is implemented.
reject requests from IPs not in AllowList
allow requests from IPs in AllowList
validating resource access control method (RACM)
[x] reject method not in RACM list
[x] allow method present in RACM list
validating hidden form fields
when hiddenFormField.policy is pass-if-match
[x] silently drop if value is not filled
[x] silently drop if value does not match
[x] process valid request with value
when hiddenFormField.policy is drop-if-filled
[x] process request if value is not filled
[x] silently drop request if hiddenFormField is filled
closes #82
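
The checks in this list, sketched as a single validation function. This is an added example, not the project's code: the conduit and request field names (`status`, `racm`, `fieldName`, `value`, `ip`), the status codes and the `reject` / `drop` / `forward` decision shape are assumptions, as are treating an empty allowList as "no restriction" and applying hidden-field policies only to body-carrying methods.

```javascript
// Added example; field names, status codes and decision shape are assumptions.
const BODY_METHODS = new Set(['PUT', 'POST', 'PATCH']);
const reject = (status, reason) => ({ action: 'reject', status, reason });
// "Silently drop": nothing is forwarded and the caller is not told why.
const drop = (reason) => ({ action: 'drop', reason });

function validateRequest(conduit, req) {
  if (conduit.status !== 'active') return reject(404, 'inactive conduit');

  const body = req.body;
  const hasBody = body != null && typeof body === 'object' && Object.keys(body).length > 0;
  if (BODY_METHODS.has(req.method) && !hasBody) return reject(422, 'body required');

  // Assumption: an empty or missing allowList means no IP restriction.
  const allowList = conduit.allowList || [];
  if (allowList.length > 0 && !allowList.includes(req.ip)) {
    return reject(403, 'ip not in allowList');
  }

  if (!(conduit.racm || []).includes(req.method)) return reject(405, 'method not in RACM');

  // Assumption: hidden-field policies only apply to methods that carry a body.
  const hidden = conduit.hiddenFormField;
  if (hidden && BODY_METHODS.has(req.method)) {
    const value = body[hidden.fieldName];
    const filled = value !== undefined && value !== null && value !== '';
    if (hidden.policy === 'drop-if-filled' && filled) return drop('hidden field filled');
    if (hidden.policy === 'pass-if-match' && (!filled || value !== hidden.value)) {
      return drop('hidden field missing or mismatched');
    }
  }
  return { action: 'forward' };
}

// Constructed sample data (documentation IP range), not taken from the project.
const sampleConduit = {
  status: 'active',
  allowList: ['203.0.113.7'],
  racm: ['GET', 'POST'],
  hiddenFormField: { fieldName: 'department', policy: 'pass-if-match', value: 'sales' },
};
const sampleRequest = {
  method: 'POST',
  ip: '203.0.113.7',
  body: { name: 'a', department: 'sales' },
};
console.log(validateRequest(sampleConduit, sampleRequest)); // { action: 'forward' }
```

Rejections are visible to the caller, while a drop is meant to look like success, so the drop reason belongs in server-side logs only.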