You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by 2460873257 <24...@qq.com.INVALID> on 2024/01/18 09:22:23 UTC
Consultation on disabling insecure HTTP requests in Tomcat
Hi Tomcat Experts:
I'm trying to Looking for a solution to disable the tomcat * Options request, but upon checking the source code, it seems that it is directly defined in the code. Is there a configuration provided to disable it?
Attached are the questions and the source code found
2460873257
2460873257@qq.com
Re: Consultation on disabling insecure HTTP requests in Tomcat
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Marc, etc.,
On 1/18/24 05:10, Mark Thomas wrote:
> On 18/01/2024 09:22, 2460873257 wrote:
>> Hi Tomcat Experts:
>> I'm trying to Looking for a solution to disable the tomcat *
>> Options request,
>
> Why?
+1
What's wrong with OPTIONS requests? They allow some basic security
checks to succeed and should not be disabled. If you disable them, CORS
will fail all over the place.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Consultation on disabling insecure HTTP requests in Tomcat
Posted by Mark Thomas <ma...@apache.org>.
On 18/01/2024 09:22, 2460873257 wrote:
> Hi Tomcat Experts:
> I'm trying to Looking for a solution to disable the tomcat *
> Options request,
Why?
> but upon checking the source code, it seems that it is
> directly defined in the code. Is there a configuration provided to
> disable it?
No.
> Attached are the questions and the source code found
Attachments are removed automatically. Please use plain text.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org