Sadly options request is necessary for browsers to assert whether or not the result of a request should be exposed to caller, isn't it?
On Thu, Jul 15, 2021, 17:47 Tom Jordahl <tjord...@adobe.com.invalid> wrote: > Hello Devs, > > In our environment we run security scanning tools. They flag any HTTP > port that supports the OPTIONS method as a problem: > “Web servers that respond to the OPTIONS HTTP method expose what other > methods are supported by the web server, allowing attackers to narrow and > intensify their efforts.” > > I don’t see Qpid having any need to support this method, so I have filed a > bug with a patch that blocks the OPTIONS method: > https://issues.apache.org/jira/browse/QPID-8552. I would love to have > this patch in the next 8.x release of Broker-J. > > Thoughts? > -- > Tom >
