One security testing on my web.py application says,
HTTP Trace Support Detected
I know this allowing this will lead to cross-site tracing. But how can I disable this HTTP TRACE in my web.py app?
Asked
Active
Viewed 202 times
0
Marlon Abeykoon
- 11,927
- 4
- 54
- 75
1 Answers
0
web.py doesn't support TRACE natively. Best to check your security tester. You can verify using something like curl -X TRACE on your website:
$ curl -v -X TRACE http://example.com
<html>
<head><title>405 Not Allowed</title></head>
...
pbuck
- 4,291
- 2
- 24
- 36