A forbidden OPTIONS request to JBoss still receives an Allow header in the 403'd response

Solution Verified - Updated -


  • We've restricted the OPTIONS method and configured a custom 403 error pages in our application's WEB-INF\web.xml:
          <web-resource-name>restricted methods</web-resource-name>

We get a 403 response for OPTIONS requests now, but we are still seeing an Allow header in the 403'd response


  • JBoss Enterprise Application Platform (EAP)
    • 5.x
    • 6.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In