Restricting HTTPS methods for nginx hardening


I would like to know what HTTP methods Ghost requires to function.

I tried to only whitelist GET, POST, HEAD, DELETE but then my editor stopped being able to save any changes. Are there any documentation on this?


Your best bet to see what’s not working is to open your browser’s developer tools and see what errors pop up. I don’t think there’s documentation for this since there are portions of the API that are not stable (e.g. the Members API)

1 Like

Didn’t know Firefox could even monitor that, awesome.

Looks like Ghost is using GET, POST, PUT, DELETE as far as I can see, maybe it also uses HEAD but I didn’t see it being used.

Working perfectly now, thank you :slight_smile:

1 Like