Hello all,

I am using Jetty 9.3.6.v20151106 and use ConstraintSecurityHandler to explicitly cover HTTP methods. I have called securityHandler.setDenyUncoveredHttpMethods(true).

The problem is that Jetty does not actually deny the methods with a status 405 but instead returns an HTML page containing an error message. Security scanners employed by several of my customers flag this as allowing potentially harmful methods.

How can I get Jetty to 405 uncovered methods? Do I have to cover them and 405 them myself?

Thanks,

Silvio

_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from 
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
