Hello!
Please, is it possible to disable TRACE and TRACK directives to Metabase Jetty server?
For example:
curl -v -X TRACK http://metabaseserver:3000
curl -v -X TRACE http://metabaseserver:3000
Thanks in advance!
Gabriel.
Hello!
Please, is it possible to disable TRACE and TRACK directives to Metabase Jetty server?
For example:
curl -v -X TRACK http://metabaseserver:3000
curl -v -X TRACE http://metabaseserver:3000
Thanks in advance!
Gabriel.
Hi @gferrette
Metabase does not return anything through those methods. But you can use a reverse-proxy to block methods - otherwise you would have to build your own version - see this file for places to change Jetty:
https://github.com/metabase/metabase/blob/master/src/metabase/server.clj
Can you explain why you need it disabled?
Hello @flamber!
Thanks for quick replying, we are going to block it via apache reverse proxy. We need it disabled for security complience reasons.
Thanks again!
Gabriel.
Hi @gferrette
I have created an issue for this, since it seems unneeded that those methods are available:
https://github.com/metabase/metabase/issues/16311 - upvote by clicking on the first post