问题
I have developed a web application which has set of GET and Post calls. I want to block my Jetty webserver for OPTIONS call.
Currently I get something like this in response.
HTTP/1.1 200 OK
Date: Tue, 28 Apr 2015 07:41:50 GMT
Server: Apache
Allow: GET,HEAD,POST,OPTIONS
Cache-Control: max-age=0
Expires: Tue, 28 Apr 2015 07:41:50 GMT
Content-Length: 0
Connection: close
Content-Type: httpd/unix-directory
I dont want to ALLOW - Options method type. Can someone tell me how can I disable it from jetty servers property file? I am not able to find any property for this.
回答1:
You can disable it for specific webapps using a technique similar to how TRACE is disabled.
See the jetty-distribution etc/webdefault.xml
How to do this ...
Edit your webapp's WEB-INF/web.xml and add the following
<!-- ==================================================================== -->
<!-- Disable OPTIONS method with security constraint -->
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Disable OPTIONS</web-resource-name>
<url-pattern>/</url-pattern>
<http-method>OPTIONS</http-method>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Enable everything but OPTIONS</web-resource-name>
<url-pattern>/</url-pattern>
<http-method-omission>OPTIONS</http-method-omission>
</web-resource-collection>
</security-constraint>
来源:https://stackoverflow.com/questions/29914531/disable-options-method-jetty-server