How to disable HTTP Options in openfire-jetty?


I am using openfire 3.8.2. I want to completely disable HTTP OPTIONS on the webapp.

I included following in my web.xml for jetty under WEB-INF/



      <web-resource-name>Disable OPTIONS</web-resource-name>






Upon making an OPTIONS request to https://IP:PORT/http-bind/ , I still get 200 OK.

I also extracted openfire.jar to change it’s webdefault.xml to have this code snippet. I believe as I have my own web.xml in source, that should work. Also, this web.xml config works fine with a apache tomcat based webapp and gives me an apt 403 status code. I am unable to get jetty accept this code snippet. Any help is appreciated. Thanks!