Hello,

I am using Openfire 3.8.2. I want to completely disable HTTP OPTIONS on the
webapp.

I included the following in my web.xml for Jetty under WEB-INF/:

{code}
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Disable OPTIONS</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>OPTIONS</http-method>
    </web-resource-collection>
    <auth-constraint/>
</security-constraint>
{code}

Upon making an OPTIONS request to https://IP:PORT/http-bind/, I still get
200 OK.

I also extracted openfire.jar to change its webdefault.xml to have this
code snippet. I believe as I have my own web.xml in source, that should
work. Also, this web.xml config works fine with an Apache Tomcat based
webapp and gives me an apt 403 status code. I am unable to get Jetty to accept
this code snippet. Any help is appreciated. Thanks!
_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from 
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
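
An added example, not part of the original post: a Python check that parses a deployment descriptor and lists the (url-pattern, method) pairs it denies to every caller, using the servlet rule that an `<auth-constraint/>` with no role denies access while a constraint with no `<auth-constraint>` restricts nothing. The sample descriptor, its second "Open area" constraint and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the post inside a minimal web-app
# root, plus a second constraint that has no auth-constraint at all.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Disable OPTIONS</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>OPTIONS</http-method>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Open area</web-resource-name>
      <url-pattern>/public/*</url-pattern>
      <http-method>TRACE</http-method>
    </web-resource-collection>
  </security-constraint>
</web-app>"""

def local(tag):
    """Strip the XML namespace so namespaced and plain descriptors both work."""
    return tag.rsplit("}", 1)[-1]

def denied_rules(xml_text):
    """Return (url-pattern, method) pairs the descriptor denies to everyone."""
    rules = []
    for sc in ET.fromstring(xml_text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        auth = [c for c in sc if local(c.tag) == "auth-constraint"]
        # Only an auth-constraint without any role-name denies all callers.
        if not auth or any(local(r.tag) == "role-name" for r in auth[0]):
            continue
        for wrc in (c for c in sc if local(c.tag) == "web-resource-collection"):
            patterns = [e.text.strip() for e in wrc if local(e.tag) == "url-pattern"]
            methods = [e.text.strip().upper() for e in wrc if local(e.tag) == "http-method"]
            # No http-method element means the constraint covers every method.
            rules += [(p, m) for p in patterns for m in (methods or ["*"])]
    return rules

def method_denied_everywhere(xml_text, method):
    """True if the descriptor denies `method` for the catch-all pattern /*."""
    rules = denied_rules(xml_text)
    return ("/*", method.upper()) in rules or ("/*", "*") in rules

if __name__ == "__main__":
    print(denied_rules(SAMPLE_WEB_XML))
```

This reports only what the descriptor declares. Whether the container applies that descriptor to the context serving /http-bind/ still has to be confirmed with a live OPTIONS request.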
