[jira] [Updated] (NIFI-12925) ListenHTTP should disable unused HTTP methods

Mark Bean (Jira) Fri, 22 Mar 2024 11:54:58 -0700


     [ 
https://issues.apache.org/jira/browse/NIFI-12925?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Mark Bean updated NIFI-12925:
-----------------------------
    Status: Patch Available  (was: In Progress)

> ListenHTTP should disable unused HTTP methods
> ---------------------------------------------
>
>                 Key: NIFI-12925
>                 URL: https://issues.apache.org/jira/browse/NIFI-12925
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>            Reporter: Michael W Moser
>            Assignee: Mark Bean
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> For [security 
> reasons|https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/06-Test_HTTP_Methods],
>  ListenHTTP should reply with 405 Method Not Allowed for HTTP methods OPTIONS 
> and TRACE.
> PUT already returns 405.
> GET, POST, DELETE, HEAD are used by the processor.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (NIFI-12925) ListenHTTP should disable unused HTTP methods

Reply via email to