禁用选项方法码头服务器 [英] Disable OPTIONS Method Jetty Server
问题描述
我已经开发了一个Web应用程序,其中包含一组GET和Post调用.我想阻止我的Jetty网络服务器进行OPTIONS呼叫.
I have developed a web application which has set of GET and Post calls. I want to block my Jetty webserver for OPTIONS call.
目前,我得到这样的答复.
Currently I get something like this in response.
HTTP/1.1 200 OK
Date: Tue, 28 Apr 2015 07:41:50 GMT
Server: Apache
Allow: GET,HEAD,POST,OPTIONS
Cache-Control: max-age=0
Expires: Tue, 28 Apr 2015 07:41:50 GMT
Content-Length: 0
Connection: close
Content-Type: httpd/unix-directory
我不想允许-选项方法类型.有人可以告诉我如何从码头服务器属性文件中禁用它吗?我无法为此找到任何财产.
I dont want to ALLOW - Options method type. Can someone tell me how can I disable it from jetty servers property file? I am not able to find any property for this.
推荐答案
您可以使用类似于禁用TRACE的技术针对特定的Web应用禁用它.
You can disable it for specific webapps using a technique similar to how TRACE is disabled.
See the jetty-distribution etc/webdefault.xml
如何执行此操作...
How to do this ...
编辑您的Web应用程序的WEB-INF/web.xml
并添加以下内容
Edit your webapp's WEB-INF/web.xml
and add the following
<!-- ==================================================================== -->
<!-- Disable OPTIONS method with security constraint -->
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Disable OPTIONS</web-resource-name>
<url-pattern>/</url-pattern>
<http-method>OPTIONS</http-method>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Enable everything but OPTIONS</web-resource-name>
<url-pattern>/</url-pattern>
<http-method-omission>OPTIONS</http-method-omission>
</web-resource-collection>
</security-constraint>
这篇关于禁用选项方法码头服务器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!