Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why is HTTP Options request insecure

Tags:

rest

http

tomcat

I recently heard from a security audit that HTTP Options is insecure in general and the web-server should not allow it. Can someone explain the reasons why is it so ?

like image 785
dogfish Avatar asked Dec 19 '16 21:12

dogfish

1 Answers

HTTP Options verb can divulge config / debug data on your Web server and as such should only be permitted if it's legitimately needed. Read this post on security stack exchange

https://security.stackexchange.com/questions/21413/how-to-exploit-http-methods

REST APIs make use of Options and I believe it should remain enabled.

like image 116
iainpb Avatar answered Oct 14 '22 17:10

iainpb
Sign in to Comment

Related questions

Embedded Jetty: In secure https server, ContextHandler redirects to http URI
JBPM rest calls with JSON
JAX-RS: Convert Response to Exception
Get "humanized" date in Django REST Framework
How to register Jackson2HalModule manually for standalone unit testing?
RESTfully routing an API based on user roles
How to send HTTP PUT request from Haxe/Neko?
Not able receive Double data type in Rest API developed with Spring
NodeJS: saving JSON to MongoDB
GMail REST API: Using Google Credentials Without Impersonate
SoapUI - REST Mocking with Query Parameter
Swagger-codegen get started
How to make a Website and API REST with Laravel with the same Controllers?
Web API Best Practice for Deep Object Routes
Spring Rest web service return File as Resource
Etags used in RESTful APIs are still susceptible to race conditions
Representing non-resourceful aggregated data with JSON API
PathParam for Jersey WebResource
Why/when to use IoT publish/subscribe protocols rather then RESTful HTTP?
Why GET method can be used to submit the form data?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!