author Alexandre Alapetite <alexandre@alapetite.fr> 2022-11-16 23:27:45 +0100
committer Alexandre Alapetite <alexandre@alapetite.fr> 2022-12-08 11:32:52 +0100
commit b835c426d4d8baf17cb8cc4d016944603376cc99 (patch)
tree 00d26df8685615085523da9ea0423f85fe62d030
parent 5035dadfdd7164041cd304f05a6c3123644ae5c8 (diff)
Apache TraceEnable Off (#4863)
I have just received an e-mail with a security concern. Although most likely an obsolete concern (old browsers with Java applets), and the Apache team saying that there is no problem, let's disable the TRACE method by default in our Docker images until we hear anybody actually wanting this feature.
https://httpd.apache.org/docs/current/mod/core.html#traceenable
https://owasp.org/www-community/attacks/Cross_Site_Tracing
-rw-r--r-- Docker/FreshRSS.Apache.conf 1
1 files changed, 1 insertions, 0 deletions
diff --git a/Docker/FreshRSS.Apache.conf b/Docker/FreshRSS.Apache.conf
index c7a0080ac..2cfb9cbf9 100644
--- a/Docker/FreshRSS.Apache.conf
+++ b/Docker/FreshRSS.Apache.conf
@@ -8,6 +8,7 @@ CustomLog /dev/stdout combined_proxy
ErrorLog /dev/stderr
AllowEncodedSlashes On
ServerTokens OS
+TraceEnable Off
<Directory />
AllowOverride None
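Review bot: The added `TraceEnable Off` line (placed after `ServerTokens OS`) has no comment saying why TRACE is disabled, so someone reading the config later cannot tell it is a deliberate hardening default. Suggest a one-line comment above it, for example `# Disable the HTTP TRACE method by default (Cross-Site Tracing), see #4863`. Since this changes the default behaviour of the Docker image (Apache answers TRACE with 405 once this is set), it would also be worth a short note in the Docker documentation on how to re-enable the method for anyone who relies on it for debugging.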