❔ Authorization convention for requests other than get

I want to require authorization for all endpoints that accept request types other than get. By looking through the source code, I've only found AuthorizeFilter. Should I be conditionally adding filters based on the existent filters? but IAuthorizeData is not a metadata filter, so it won't even be in that list. Should I make a custom X (I can't find the type that has to do with policy requirement extraction)?
Looks like nothing has happened here. I will mark this as stale and this post will be archived until there is new activity.

Looking for more? Join the community!