A vulnerability has been reported against the TDM server.
Web servers that respond to the OPTIONS HTTP method expose what other methods are supported by the web server, allowing attackers to narrow and intensify their efforts.
All supported TDM Portal releases.
Tomcat vulnerability.
OPTIONS is a standard HTTP method (like GET, PUT or POST) that an HTTP server supports; in this case the server is the Tomcat instance bundled with the TDM Portal.
The OPTIONS method can be disabled on the server by updating the web.xml file and adding the block below BEFORE the </web-app> closing tag.
FILE: C:\Program Files\CA\CA Test Data Manager Portal\tomcat\conf\web.xml
1. Back up the existing web.xml by copying C:\Program Files\CA\CA Test Data Manager Portal\tomcat\conf\web.xml to C:\Program Files\CA\CA Test Data Manager Portal\tomcat\conf\web.xml.backup
2. Edit C:\Program Files\CA\CA Test Data Manager Portal\tomcat\conf\web.xml
Add the lines below just before the closing </web-app> tag.
<security-constraint>
    <web-resource-collection>
        <web-resource-name>restricted methods</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>OPTIONS</http-method>
    </web-resource-collection>
    <auth-constraint />
</security-constraint>
<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST,CONNECT,PUT,DELETE,HEAD</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
3. Save the changes.
4. Restart the TDM Portal.
Tomcat should now block just the OPTIONS method.
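The following script is an added example, not part of this article or of the TDM Portal product, that audits a web.xml offline and reports whether the configuration above is in place: it checks for a <security-constraint> with an empty <auth-constraint /> (deny to everyone) that covers url-pattern /* and lists OPTIONS, and it reads the CorsFilter's cors.allowed.methods list. The embedded SAMPLE_WEB_XML is a constructed fragment modelled on the block in step 2, and the function names are the example's own. Run it with the path to the real web.xml as its first argument to check the installed file.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample fragment, modelled on the block added in step 2 above.
# It is not the real web.xml from a TDM Portal installation.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>restricted methods</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>OPTIONS</http-method>
    </web-resource-collection>
    <auth-constraint />
  </security-constraint>
  <filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
      <param-name>cors.allowed.methods</param-name>
      <param-value>GET,POST,CONNECT,PUT,DELETE,HEAD</param-value>
    </init-param>
  </filter>
</web-app>
"""


def _local(tag):
    # Strip the XML namespace so the audit works with or without the javaee xmlns.
    return tag.rsplit('}', 1)[-1]


def find_blocked_methods(web_xml_text):
    """Return the set of HTTP methods denied to everyone for url-pattern /*.

    A <security-constraint> whose <auth-constraint> lists no <role-name>
    (the empty element used in step 2) denies access to all callers, so each
    <http-method> in its <web-resource-collection> is blocked site-wide."""
    root = ET.fromstring(web_xml_text)
    blocked = set()
    for sc in root.iter():
        if _local(sc.tag) != 'security-constraint':
            continue
        auth = [c for c in sc if _local(c.tag) == 'auth-constraint']
        if not auth:
            continue  # no auth-constraint: the resources are not restricted
        if any(_local(r.tag) == 'role-name' for r in auth[0]):
            continue  # roles listed: access is granted to those roles, not denied to all
        for wrc in sc:
            if _local(wrc.tag) != 'web-resource-collection':
                continue
            patterns = {p.text.strip() for p in wrc
                        if _local(p.tag) == 'url-pattern' and p.text}
            if '/*' not in patterns:
                continue
            for m in wrc:
                if _local(m.tag) == 'http-method' and m.text:
                    blocked.add(m.text.strip().upper())
    return blocked


def cors_allowed_methods(web_xml_text):
    """Return the methods in CorsFilter's cors.allowed.methods, or None if absent."""
    root = ET.fromstring(web_xml_text)
    for flt in root.iter():
        if _local(flt.tag) != 'filter':
            continue
        for ip in flt:
            if _local(ip.tag) != 'init-param':
                continue
            name = value = None
            for c in ip:
                if _local(c.tag) == 'param-name':
                    name = (c.text or '').strip()
                elif _local(c.tag) == 'param-value':
                    value = (c.text or '').strip()
            if name == 'cors.allowed.methods' and value is not None:
                return [m.strip().upper() for m in value.split(',') if m.strip()]
    return None


def options_is_disabled(web_xml_text):
    """True when OPTIONS is denied for /* and not re-advertised through CORS."""
    blocked = find_blocked_methods(web_xml_text)
    cors = cors_allowed_methods(web_xml_text)
    return 'OPTIONS' in blocked and (cors is None or 'OPTIONS' not in cors)


if __name__ == '__main__':
    text = (open(sys.argv[1], encoding='utf-8').read()
            if len(sys.argv) > 1 else SAMPLE_WEB_XML)
    print('blocked methods for /*:', sorted(find_blocked_methods(text)))
    print('CORS allowed methods:', cors_allowed_methods(text))
    print('OPTIONS disabled:', options_is_disabled(text))
```

The empty <auth-constraint /> is what turns the constraint into a deny-all, which is why Tomcat answers OPTIONS with the 403 shown in the curl output below. Note that the cors.allowed.methods list in step 2 deliberately omits OPTIONS, so browser cross-origin preflight requests (which use OPTIONS) will be rejected as well; confirm that no cross-origin client of the portal depends on preflight before rolling the change out.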
You can verify that the OPTIONS method is disabled from Postman or curl:
From Postman:
From curl:
C:\Users\mnunns57>curl -k -X OPTIONS https://localhost:8443
<!doctype html><html lang="en"><head><title>HTTP Status 403 – Forbidden</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 403 – Forbidden</h1></body></html>