What is openfire? Does it even use standard servlet behavior?
-- Joakim Erdfelt <[email protected]> webtide.com <http://www.webtide.com/> - eclipse.org/jetty - cometd.org Expert advice, services and support from from the Jetty & CometD experts On Thu, Jun 25, 2015 at 10:29 AM, abc xyz <[email protected]> wrote: > Hello, > > I am using openfire 3.8.2. I want to completely disable HTTP OPTIONS on > the webapp. > > I included following in my web.xml for jetty under WEB-INF/ > > {code} > > <security-constraint> > > <web-resource-collection> > > <web-resource-name>Disable OPTIONS</web-resource-name> > > <url-pattern>/*</url-pattern> > > <http-method>OPTIONS</http-method> > > </web-resource-collection> > > <auth-constraint/> > > </security-constraint> > > {code} > > > > > > Upon making an OPTIONS request to https://IP:PORT/http-bind/ , I still > get 200 OK. > > I also extracted openfire.jar to change it's webdefault.xml to have this > code snippet. I believe as I have my own web.xml in source, that should > work. Also, this web.xml config works fine with a apache tomcat based > webapp and gives me an apt 403 status code. I am unable to get jetty accept > this code snippet. Any help is appreciated. Thanks! > > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://dev.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
