Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to disable or remove Allow response header from OPTIONS?

Tags:

java

spring-mvc

spring

spring-boot

spring-security

I have SecurityConfig class and I have added code to disable headers but I want to disable the 'Allow' response header. I have tried many different ways but no luck. How to add a custom header to disable?

        @Configuration
    @Slf4j
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception
        {
            http.csrf().disable()
    
                    .authorizeRequests().anyRequest().authenticated()
                    .and()
                    .headers().xssProtection().disable()
                    .and().headers().frameOptions().disable()
                    .and().headers().contentTypeOptions().disable()
                    .and().headers().disable()
                    .httpBasic();
        
}
}

Rest Controller

{

@RequestMapping(value = Constants.API_BASE_MAPPING + Constants.API_EVENT, method = RequestMethod.OPTIONS)
public ResponseEntity<?> publishEventMessage() {
    return getResponseEntity();
}

private ResponseEntity<?> getResponseEntity() {
    return ResponseEntity
            .ok().contentType(MediaType.APPLICATION_JSON)
            .allow() // want to remove this 
            .build();
}
}

Below is the response header from my OPTIONS API call

enter image description here

like image 901
Aadi Avatar asked Nov 07 '25 19:11

Aadi

1 Answers

If you want to set an empty Allow Header response in a particular method in your controller, you can use:

return ResponseEntity
       .ok().contentType(MediaType.APPLICATION_JSON)
       .header("Allow", "")
       .build();

Also, you can disable the OPTIONS http method for a certain path in your security configuration adding:

.antMatchers(HttpMethod.OPTIONS,"path/to/deny").denyAll()

You can't delete headers after being set. One possible solution is prevent that by creating a Filter which skips the setHeader.

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    chain.doFilter(request, new HttpServletResponseWrapper((HttpServletResponse) response) {
        public void setHeader(String name, String value) {
            if (!name.equalsIgnoreCase("Allow")) {
                super.setHeader(name, value);
            }
        }
    });
}

Based on this: https://stackoverflow.com/a/7895292/3713193

How to define a filter in Spring Boot: https://www.baeldung.com/spring-boot-add-filter

like image 74
Antonio Vida Avatar answered Nov 09 '25 12:11

Antonio Vida
Sign in to Comment

Related questions

Create a Barcode Overlay on a PDF with an instransparent Background (iText)
wait() is always throwing InterruptedException
Context path is not working for SpringBoot 3
IP addresses of network interfaces in a Java process spawned by NodeJS
Enums vs Subclasses, which is Object-oriented design?
How to check if a string contains url in java
Converting a collection of subtype to collection of supertype [duplicate]
How can I make a Spring Converter throw a custom exception instead of a ConversionFailedException?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!