❔ Authorization convention for requests other than get
I want to require authorization for all endpoints that accept request types other than get. By looking through the source code, I've only found AuthorizeFilter
. Should I be conditionally adding filters based on the existent filters? but IAuthorizeData
is not a metadata filter, so it won't even be in that list. Should I make a custom X (I can't find the type that has to do with policy requirement extraction)?