Hi,
I am trying to disable the http OPTIONS method due to security requirements but I can’t find how to do it with Cuba. In spring I have found how to do it through the configuration xml but I have not found it in cuba platform. Can it be done through configuration? How can I do it?
Thanks,
Pedro
Hi,
CUBA is based on Servlet API and Spring Framework technologies and can utilize all recipes available for Tomcat, Spring, for Servlets etc.
Such security requirement can easily be done on the level of the application server.
If you use tomcat - just search “tomcat disable http options method” in Google and there will be many solutions.
For example:
IBM Developer - similar question for other product, they suggest to change settings in the tomcat/conf/web.xml.
Build a servlet filter that checks the request method and sends a 405 response if the method is on a blacklist.
That sounds like a appserver-agnostic approach. You can write your servlet filter, register it in CUBA module’s web.xml and it will work.