[jira] [Created] (NIFI-12925) ListenHTTP should disable unused HTTP methods

Michael W Moser (Jira) Wed, 20 Mar 2024 14:09:50 -0700

Michael W Moser created NIFI-12925:
--------------------------------------

             Summary: ListenHTTP should disable unused HTTP methods
                 Key: NIFI-12925
                 URL: https://issues.apache.org/jira/browse/NIFI-12925
             Project: Apache NiFi
          Issue Type: Improvement
          Components: Extensions
            Reporter: Michael W Moser



For [security 
reasons|https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/06-Test_HTTP_Methods],
 ListenHTTP should reply with 405 Method Not Allowed for HTTP methods OPTIONS 
and TRACE.

PUT and DELETE already return 405.  A GET request returns 404 Not Found.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (NIFI-12925) ListenHTTP should disable unused HTTP methods

Reply via email to