The OPTIONS method can be disabled on the OneClick server by updating the web.xml file and adding the block below BEFORE
the </web-app> closing tag.
FILE: $SPECROOT/tomcat/conf/web.xml
Example:
- backup the existing web.xml
cp -p $SPECROOT/tomcat/conf/web.xml $SPECROOT/tomcat/conf/web.xml.backup
- edit $SPECROOT/tomcat/conf/web.xml (add below just before the closing </web-app> tag)
<security-constraint>
<web-resource-collection>
<web-resource-name>restricted methods</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>TRACE</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
</web-resource-collection>
<auth-constraint />
</security-constraint>
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,CONNECT</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
- save changes
- restart OneClick tomcat
Tomcat should now block the OPTIONS method.