I am using openfire 3.8.2. I want to completely disable HTTP OPTIONS on the webapp.
I included following in my web.xml for jetty under WEB-INF/
<web-resource-collection> <web-resource-name>Disable OPTIONS</web-resource-name> <url-pattern>/*</url-pattern> <http-method>OPTIONS</http-method> </web-resource-collection> <auth-constraint/>
Upon making an OPTIONS request to https://IP:PORT/http-bind/ , I still get 200 OK.
I also extracted openfire.jar to change it’s webdefault.xml to have this code snippet. I believe as I have my own web.xml in source, that should work. Also, this web.xml config works fine with a apache tomcat based webapp and gives me an apt 403 status code. I am unable to get jetty accept this code snippet. Any help is appreciated. Thanks!