Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] Disable invalid HTTP method error page

Hello all,

I am using Jetty 9.3.6.v20151106 and use ConstraintSecurityHandler to explicitly cover HTTP methods. I have called securityHandler.setDenyUncoveredHttpMethods(true).

The problem is that Jetty does not actually deny the methods with a status 405 but instead returns an HTML page containing an error message. Security scanners employed by several of my customers flag this as allowing potentially harmful methods.

How can I get Jetty to 405 uncovered methods? Do I have to cover them and 405 them myself?

Thanks,

Silvio



Back to the top