Hi,
I was exploring the automation framework for my OpenAPI scans. I would like to block ZAP from sending requests that use the DELETE method. I cannot exclude certain endpoints, as there can be endpoints that use multiple methods. I turned to an HTTP sender script and created a simple script to block POST requests. The script console does say it blocked it, which shows it kinda works, but I still see the request in the history, and the same goes for the active scan tabs and the report.
The automation is as follows:
env
http sender script
openapi
report
The script for blocking POST:
    // Called by ZAP for each request before it is sent
    function sendingRequest(msg, initiator, helper) {
        var method = msg.getRequestHeader().getMethod();
        // Block POST requests
        if (method.equalsIgnoreCase("POST")) {
            print("Blocking POST request: " + msg.getRequestHeader().getURI());
            // Exits this function only; msg itself is not modified here
            return;
        }
    }

    // Called by ZAP for each response after it is received
    function responseReceived(msg, initiator, helper) {
        // No action required for responses in this case
    }