[
https://issues.apache.org/jira/browse/NIFI-12925?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael W Moser updated NIFI-12925:
-----------------------------------
Description:
For [security
reasons|https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/06-Test_HTTP_Methods],
ListenHTTP should reply with 405 Method Not Allowed for HTTP methods OPTIONS
and TRACE.
PUT already returns 405.
GET, POST, DELETE, HEAD are used by the processor.
was:
For [security
reasons|https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/06-Test_HTTP_Methods],
ListenHTTP should reply with 405 Method Not Allowed for HTTP methods OPTIONS
and TRACE.
PUT and DELETE already return 405. A GET request returns 404 Not Found.
> ListenHTTP should disable unused HTTP methods
> ---------------------------------------------
>
> Key: NIFI-12925
> URL: https://issues.apache.org/jira/browse/NIFI-12925
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Reporter: Michael W Moser
> Priority: Major
>
> For [security
> reasons|https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/06-Test_HTTP_Methods],
> ListenHTTP should reply with 405 Method Not Allowed for HTTP methods OPTIONS
> and TRACE.
> PUT already returns 405.
> GET, POST, DELETE, HEAD are used by the processor.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
