TsgcWSAPIServer_WebAuthn › Events › OnWebAuthnHTTPRequest
Fires before a WebAuthn endpoint processes an incoming HTTP request; lets the application inspect headers, apply rate limits, or reject the call.
public event TsgcWebAuthnOnHTTPRequestHandler OnWebAuthnHTTPRequest;
// delegate void TsgcWebAuthnOnHTTPRequestHandler(TObject Sender, TsgcWebAuthnHTTPRequestMethod aMethod, TsgcHTTPRequest aRequest, out bool Accept)—
Called once per HTTP hit to any WebAuthn endpoint. aMethod identifies which endpoint was matched (registration options/verify or authentication options/verify), aRequest exposes the raw HTTP headers and payload and Accept defaults to true. Set Accept to false to short-circuit the pipeline (for example when throttling clients or enforcing IP allowlists) — the server will then skip the WebAuthn logic for that call.