Hello Devs, In our environment we run security scanning tools. They flag any HTTP port that supports the OPTIONS method as a problem: “Web servers that respond to the OPTIONS HTTP method expose what other methods are supported by the web server, allowing attackers to narrow and intensify their efforts.”
I don’t see Qpid having any need to support this method, so I have filed a bug with a patch that blocks the OPTIONS method: https://issues.apache.org/jira/browse/QPID-8552. I would love to have this patch in the next 8.x release of Broker-J. Thoughts? -- Tom
