Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] How to disable HTTP Options in openfire-jetty?

What is openfire?

Does it even use standard servlet behavior?

--
Joakim Erdfelt <joakim@xxxxxxxxxxx>
Expert advice, services and support from from the Jetty & CometD experts

On Thu, Jun 25, 2015 at 10:29 AM, abc xyz <pranav.usnews@xxxxxxxxx> wrote:

Hello,

I am using openfire 3.8.2. I want to completely disable HTTP OPTIONS on the webapp.

I included following in my web.xml for jetty under WEB-INF/

{code}

<security-constraint>

    <web-resource-collection>

          <web-resource-name>Disable OPTIONS</web-resource-name>

                <url-pattern>/*</url-pattern>

                 <http-method>OPTIONS</http-method>

           </web-resource-collection>

           <auth-constraint/>

</security-constraint>

{code}

 

 

Upon making an OPTIONS request to https://IP:PORT/http-bind/ , I still get 200 OK.

I also extracted openfire.jar to change it's webdefault.xml to have this code snippet. I believe as I have my own web.xml in source, that should work. Also, this web.xml config works fine with a apache tomcat based webapp and gives me an apt 403 status code. I am unable to get jetty accept this code snippet. Any help is appreciated. Thanks!


_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users


Back to the top