Category: HTTP protocol
Submitted By: Chandra Patel (chandrapnc)
Assigned to: Nobody/Anonymous (nobody)
Summary: HTTP TRACE method
Jetty server has the HTTP TRACE method enabled.
Cross-Site Scripting vulnerability applies to Jetty.
Is there a way to turn off the TRACE method?
Logged In: YES
I did some testing with an application using Jetty 6 embedded and it
appears as if the TRACE command is being accepted by default in this case.
Is this by design? Is there an API that can be used to disable it?
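
One way to refuse TRACE in an embedded deployment, shown as an added example that is not part of the original thread and is not Jetty's own code: a servlet filter that answers TRACE with 405 before the request reaches `HttpServlet.doTrace()`, which would otherwise echo the request headers back. The class name `RejectTraceFilter` and the `Allow` list are assumptions; only the standard `javax.servlet` API (Servlet 2.5) is used.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical class name; relies only on the standard Servlet 2.5 API.
public class RejectTraceFilter implements Filter {

    public void init(FilterConfig config) throws ServletException {
        // No configuration needed.
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest && res instanceof HttpServletResponse) {
            String method = ((HttpServletRequest) req).getMethod();
            // HTTP method names are case-sensitive, so compare exactly.
            if ("TRACE".equals(method)) {
                HttpServletResponse http = (HttpServletResponse) res;
                // Methods still permitted; this list is an assumption, adjust per application.
                http.setHeader("Allow", "GET, HEAD, POST, OPTIONS");
                // Answer 405 instead of the default echo of the request line and headers.
                http.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
                return; // never hand the request on to HttpServlet.doTrace()
            }
        }
        chain.doFilter(req, res);
    }

    public void destroy() {
        // Nothing to release.
    }
}
```

Map the filter to `/*` so it covers every servlet in the context; a request that never enters the servlet filter chain is not covered by it.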