By default, an HTTP trigger function binding generated online does not have a methods attribute, meaning that the function responds to all HTTP methods. As we have seen, an HTTP trigger function generated in Visual Studio will specify GET and POST as allowed methods by default. You can restrict the methods allowed on a specific function to the methods of your choosing by adding a methods attribute with a list of allowed methods in the function.json file:
"methods": [ "post", "put" ]
Which can be achieved by specifying them on the trigger attribute in the function's signature in a precompiled function, as follows:
[HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)]HttpRequestMessage req
Now, if an unallowed ...