Apache TraceEnable Off (#4863) · e1b2f6ae13 - Gogs

Просмотр исходного кода

Apache TraceEnable Off (#4863)

I have just received an e-mail with a security concern.
Although most likely an obsolete concern (old browsers with Java applets), and the Apache team saying that there is no problem, let's disable the TRACE method by default in our Docker images until we hear anybody actually wanting this feature.
https://httpd.apache.org/docs/current/mod/core.html#traceenable
https://owasp.org/www-community/attacks/Cross_Site_Tracing

Alexandre Alapetite 3 лет назад

Родитель

3bcceb1338

Сommit

e1b2f6ae13

1 измененных файлов с 1 добавлено и 0 удалено

Разделённый вид Показать статистику Diff

						
							+ 1
							
							- 0
						
Docker/FreshRSS.Apache.conf
							 
								Просмотреть файл
							
				@@ -8,6 +8,7 @@ CustomLog /dev/stdout combined_proxy
			
				 ErrorLog /dev/stderr
			
				 AllowEncodedSlashes On
			
				 ServerTokens OS
			
				+TraceEnable Off
			
				 <Directory />
			
				 	AllowOverride None