wmccarley opened a new pull request #7907: URL: https://github.com/apache/pulsar/pull/7907
### Motivation

*Pulsar broker's embedded Jetty client does not disable HTTP TRACE and TRACK by default which causes the application to be flagged as insecure in certain corporate environments*

### Modifications

*Created a new servlet filter: DisableDebugHttpMethodFilter that is attached to the servlets as they are added at startup. I used [this StackOverflow answer](https://stackoverflow.com/a/40990957)* for reference.

### Verifying this change

This change added tests and can be verified as follows:

*(example:)*
- *Added test case testDisableHttpTraceAndTrackMethods in WebServiceTest class*

### Does this pull request potentially affect one of the following parts:

- The rest endpoints: (**yes**) -- **the property is set to false by default in broker.conf so it should not introduce any ill side effects in existing environments**

### Documentation

- Does this pull request introduce a new feature? (**yes** / no)
- If yes, how is the feature documented? (**comment in broker.conf**)
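A servlet filter of the kind the description refers to, as an added example that is not Pulsar's DisableDebugHttpMethodFilter or code from the pull request. The class name `RejectDebugMethodsFilter`, the `enabled` flag and the `attach` helper are assumptions, and the javax.servlet API and Jetty 9 servlet classes are assumed to be on the classpath.

```java
import java.io.IOException;
import java.util.EnumSet;
import java.util.Locale;
import java.util.Set;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;

/** Hypothetical filter: answers TRACE and TRACK with 405 before any servlet runs. */
public class RejectDebugMethodsFilter implements Filter {
    // HttpServlet.doTrace echoes the request headers back, so stop TRACE at the filter.
    private static final Set<String> BLOCKED = Set.of("TRACE", "TRACK");

    private final boolean enabled; // assumed to mirror an off-by-default config property

    public RejectDebugMethodsFilter(boolean enabled) {
        this.enabled = enabled;
    }

    @Override public void init(FilterConfig filterConfig) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (enabled && req instanceof HttpServletRequest && res instanceof HttpServletResponse) {
            String method = ((HttpServletRequest) req).getMethod();
            if (method != null && BLOCKED.contains(method.toUpperCase(Locale.ROOT))) {
                ((HttpServletResponse) res).sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
                return; // do not pass the request down the chain
            }
        }
        chain.doFilter(req, res);
    }

    /** Attach to every path of a Jetty context at startup, for direct requests only. */
    public static void attach(ServletContextHandler context, boolean enabled) {
        context.addFilter(new FilterHolder(new RejectDebugMethodsFilter(enabled)),
                "/*", EnumSet.of(DispatcherType.REQUEST));
    }
}
```

With the flag off the filter passes every request through unchanged, which is why an off-by-default property leaves existing deployments unaffected.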
