Apache TraceEnable Off (#4863)

I have just received an e-mail with a security concern. Although most likely an obsolete concern (old browsers with Java applets), and the Apache team saying that there is no problem, let's disable the TRACE method by default in our Docker images until we hear anybody actually wanting this feature. https://httpd.apache.org/docs/current/mod/core.html#traceenable https://owasp.org/www-community/attacks/Cross_Site_Tracing
2022-11-16 23:27:45 +01:00 · 2022-11-16 23:27:45 +01:00 · b835c426d4
parent 5035dadfdd
commit b835c426d4
1 changed files with 1 additions and 0 deletions
--- a/Docker/FreshRSS.Apache.conf
+++ b/Docker/FreshRSS.Apache.conf
@ -8,6 +8,7 @@ CustomLog /dev/stdout combined_proxy
 ErrorLog /dev/stderr
 AllowEncodedSlashes On
 ServerTokens OS
+TraceEnable Off

 <Directory />
 	AllowOverride None