@MujeebUrRehman Seems we don't have any OOTB feature to disable the HTTP Methods. We can do by using a servlet filter to check the incoming request and reject any requests with the Options
Servlet filter :
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class DisableOptionsFilter implements Filter {
public void init(FilterConfig config) throws ServletException {}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException {
if (((HttpServletRequest) request).getMethod().equalsIgnoreCase("OPTIONS")) {
((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
} else {
chain.doFilter(request, response);
}
}
public void destroy() {}
}
And below is the OSGi
import org.osgi.service.component.annotations.Component;
import javax.servlet.Filter;
@Component(
service = Filter.class,
property = {
"sling.filter.scope=REQUEST",
"sling.filter.pattern=(/.*)(\\.(html|json|xml))?($|/.*)"
}
)
public class DisableOptionsFilterConfig extends DisableOptionsFilter {}
