Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] How to disable HTTP Options in openfire-jetty?
I actually have a live Openfire server I'm deploying for a client. I have to make changes anyhow -- enable Perfect Forward Secrecy and disable SSLv3, because even though we're not using HTTPS, we may in the future. So I can look into this, and report back to the list. It will be a little while before I have the time to do it, though. If you're interested, hit me up off-list.

Thanks :)

abc xyz wrote:
*bump*
Steve is right. Anyone knows how to disable OPTIONS?
Any help is appreciated.

Thanks

On Thu, Jun 25, 2015 at 11:35 AM, Steve Sobol - Lobos Studios <steve@xxxxxxxxxxxxxxxx> wrote:
Openfire is an XMPP chat server that runs on top of Jetty.

Joakim Erdfelt wrote:
What is openfire?

Does it even use standard servlet behavior?

--
Joakim Erdfelt <joakim@xxxxxxxxxxx>
Expert advice, services and support from from the Jetty & CometD experts

On Thu, Jun 25, 2015 at 10:29 AM, abc xyz <pranav.usnews@xxxxxxxxx> wrote:

Hello,

I am using openfire 3.8.2. I want to completely disable HTTP OPTIONS on the webapp.

I included following in my web.xml for jetty under WEB-INF/

{code}

<security-constraint>

    <web-resource-collection>

          <web-resource-name>Disable OPTIONS</web-resource-name>

                <url-pattern>/*</url-pattern>

                 <http-method>OPTIONS</http-method>

           </web-resource-collection>

           <auth-constraint/>

</security-constraint>

{code}

 

 

Upon making an OPTIONS request to https://IP:PORT/http-bind/ , I still get 200 OK.

I also extracted openfire.jar to change it's webdefault.xml to have this code snippet. I believe as I have my own web.xml in source, that should work. Also, this web.xml config works fine with a apache tomcat based webapp and gives me an apt 403 status code. I am unable to get jetty accept this code snippet. Any help is appreciated. Thanks!


_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

--
Lobos Studios - Website and Mobile App Design & Development; IT Support; Computer Maintenance
Toll Free  877.919.4WEB - Apple Valley 760.684.8859 - Los Angeles 310.945.2410 - Cleveland 216.242.4010
www.LobosStudios.com * www.facebook.com/LobosStudios * @LobosStudios


_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

--
Lobos Studios - Website and Mobile App Design & Development; IT Support; Computer Maintenance
Toll Free  877.919.4WEB - Apple Valley 760.684.8859 - Los Angeles 310.945.2410 - Cleveland 216.242.4010
www.LobosStudios.com * www.facebook.com/LobosStudios * @LobosStudios

Back to the top