Hi, I am using PaxWeb 7.2.x and servlet registration using whiteboard. By default Jetty allows to call OPTIONS http method which returns:
*Allow*: GET, HEAD, POST, TRACE, OPTIONS For other known methods a proper 403 error is returned. For other unknown methods (eg. BLABLA) 501 is returned (maybe not the best options from security reasons). For TRACE method PaxWeb raises an exception and return 500 (I don't not why it is blocked in PaxWeb code?). I need to limit this list of allowed methods for my app, eg. only to: GET, POST. And then server should return 403 for all others. I can implement a dedicated servlet filter for this, but maybe it is another a better way to do this? Especially when the OPTIONS method will be available server should return only configured Allowed methods in response header. Is there any options for doing this in PaxWeb 7 using whiteboard? Or maybe it should be done directly in Jetty configuration using jetty.xml? -- Best regards, Daniel Stoch -- -- ------------------ OPS4J - http://www.ops4j.org - [email protected] --- You received this message because you are subscribed to the Google Groups "OPS4J" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ops4j/329ce887-9d33-411b-8797-cae4ab9aa08bn%40googlegroups.com.
