When running pen tests on my SpringBoot application, I find the two following vulnerabilities:
nikto -ssl -h https://localhost:8181
...
+ Allowed HTTP Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
+ OSVDB-397: HTTP method ('Allow' Header): 'PUT' method could allow clients to save files on the web server.
+ OSVDB-5646: HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server.
It can also be observed by running:
curl -k -i --request-target "*" -X OPTIONS https://localhost:8181
...
HTTP/1.1 200
Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS
I tried, but in vain, to configure/tune my SpringBoot application in order to avoid this issue.
My objective was to return an HTTP header with only "Allow: GET, POST".
When investigating that possibility, I found that the answer to the "OPTIONS *" query was done in CoyoteAdapter:
protected boolean postParseRequest(org.apache.coyote.Request req,
                                   Request request,
                                   org.apache.coyote.Response res,
                                   Response response) throws IOException, ServletException {
    ...
    if (undecodedURI.equals("*")) {
        if (req.method().equalsIgnoreCase("OPTIONS")) {
            StringBuilder allow = new StringBuilder();
            allow.append("GET, HEAD, POST, PUT, DELETE, OPTIONS");
Here, it seems that the "allow" tag is hardcoded: I can't modify it!
Any idea how to avoid the detection of the vulnerabilities?
*this question is the continuation of
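Added example, not code from the question or from Spring/Tomcat: a Spring Boot servlet filter that rejects every method except GET and POST on the application's own endpoints, answering with 405 and an explicit "Allow: GET, POST" header. It assumes Spring Boot 3 (jakarta.servlet package names; on Spring Boot 2 the same code works with javax.servlet imports) and that component scanning picks up the class. One caveat follows from the CoyoteAdapter excerpt above: the "OPTIONS *" request is answered inside postParseRequest before the servlet pipeline runs, so a filter (or Spring Security rule) cannot change that hardcoded header; what it does control is the methods the real resources accept, which is the exposure the scanner findings are actually about.

```java
import java.io.IOException;
import java.util.List;
import java.util.Set;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

/**
 * Hypothetical allow-list filter (example code, not part of the question's project).
 * Runs before every other filter so that PUT, DELETE, PATCH, TRACE, ... never reach
 * a controller; the Allow header advertises exactly the methods the service accepts.
 */
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class AllowedMethodsFilter extends OncePerRequestFilter {

    // Ordered list so the Allow header is stable; add "HEAD" / "OPTIONS" here if
    // clients legitimately need them.
    private static final List<String> ALLOWED_METHODS = List.of("GET", "POST");
    private static final Set<String> ALLOWED_SET = Set.copyOf(ALLOWED_METHODS);
    private static final String ALLOW_HEADER = String.join(", ", ALLOWED_METHODS);

    /** Pure decision helper, separated from the servlet plumbing so it is easy to unit test. */
    static boolean isAllowed(String method) {
        return method != null && ALLOWED_SET.contains(method.toUpperCase());
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        if (!isAllowed(request.getMethod())) {
            // RFC 9110: a 405 response MUST carry an Allow header listing the supported methods.
            response.setHeader("Allow", ALLOW_HEADER);
            response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return; // request is not passed further down the chain
        }
        chain.doFilter(request, response);
    }
}
```

With the filter in place, a request such as `curl -k -i -X DELETE https://localhost:8181/some/path` returns `405` with `Allow: GET, POST`, while `OPTIONS *` is still answered by Tomcat's CoyoteAdapter with its fixed list; re-running the scanner after the change shows which of the two findings is backed by an endpoint that really accepts PUT or DELETE.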