- We've restricted the
OPTIONSmethod and configured a custom 403 error pages in our application's
<security-constraint> <web-resource-collection> <web-resource-name>restricted methods</web-resource-name> <url-pattern>/*</url-pattern> <http-method>TRACE</http-method> <http-method>PUT</http-method> <http-method>OPTIONS</http-method> <http-method>DELETE</http-method> <http-method>HEAD</http-method> </web-resource-collection> <auth-constraint/> </security-constraint> <error-page> <error-code>403</error-code> <location>/403.html</location> </error-page>
We get a 403 response for
OPTIONS requests now, but we are still seeing an Allow header in the 403'd response
- JBoss Enterprise Application Platform (EAP)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.