如何在嵌入式tomcat中禁用http方法[重复]

Posted 2023-02-26

【中文标题】如何在嵌入式tomcat中禁用http方法[重复]

【英文标题】：How to disable http methods in embedded tomcat [duplicate]

【发布时间】：2019-02-07 21:22:12

【问题描述】：

如何在嵌入式 tomcat 中禁用 http://localhost:9092 级别的 OPTIONS 和 TRACE http 方法？ 我使用 ZAP 安全工具进行测试，我的请求是--

OPTIONS http://localhost:9092 HTTP/1.1
Proxy-Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (Khtml, like Gecko) Chrome/60.0.3112.113 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-gb
Content-Length: 0
Host: localhost:9092

我收到回复了-

HTTP/1.1 404
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH

我想禁用响应中的允许行

提前致谢

【参考方案1】：

您需要为此目标实施您的 CustomFilter。

@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CustomFilter implements Filter 

public CustomFilter() 


@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException 
    HttpServletResponse response = (HttpServletResponse) res;
    HttpServletRequest request = (HttpServletRequest) req;
    response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, PATCH");
    chain.doFilter(req, res);


@Override
public void init(FilterConfig filterConfig) 


@Override
public void destroy() 

希望对您有所帮助。

【讨论】：

您好 Petrobruin，非常感谢您的快速回复，但我无法调用 CustomFilter 类。我可以知道如何在 spring boot 中调用它吗？

你好，@DivyaDhale！我已经为你创建了测试项目。请在这里查看github.com/alex-petrov81/***-answers/tree/master/…