author Alexandre Alapetite <alexandre@alapetite.fr> 2022-11-16 23:27:45 +0100
committer GitHub <noreply@github.com> 2022-11-16 23:27:45 +0100
commit e1b2f6ae1370111ca273e77c1fc7c5df3b11a2ec
tree c985bb43327d1d4e1e372130e8fdb69219cebe92 /Docker
parent 3bcceb133831ad511a739d94f11d654a7e9f3449
Apache TraceEnable Off (#4863)

I have just received an e-mail with a security concern. Although most likely an obsolete concern (old browsers with Java applets), and the Apache team saying that there is no problem, let's disable the TRACE method by default in our Docker images until we hear anybody actually wanting this feature.
https://httpd.apache.org/docs/current/mod/core.html#traceenable
https://owasp.org/www-community/attacks/Cross_Site_Tracing
Diffstat (limited to 'Docker')
-rw-r--r-- Docker/FreshRSS.Apache.conf | 1
1 files changed, 1 insertions, 0 deletions
diff --git a/Docker/FreshRSS.Apache.conf b/Docker/FreshRSS.Apache.conf
index c7a0080ac..2cfb9cbf9 100644
--- a/Docker/FreshRSS.Apache.conf
+++ b/Docker/FreshRSS.Apache.conf
@@ -8,6 +8,7 @@ CustomLog /dev/stdout combined_proxy
ErrorLog /dev/stderr
AllowEncodedSlashes On
ServerTokens OS
+TraceEnable Off
<Directory />
AllowOverride None
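
Review bot: The added `TraceEnable Off` line after `ServerTokens OS` carries no comment, although the commit message frames it as a default that may be revisited if someone needs TRACE. A one-line comment above it (for example, pointing to the Apache `TraceEnable` documentation) would tell anyone reading the config why the directive is there and that it is intentional. Since the directive sits at server scope, outside `<Directory />`, it also applies to proxied requests: with it set, the core server and mod_proxy answer TRACE with 405, so it is worth mentioning in the Docker documentation for users who front other services through this image's Apache. A quick check that a TRACE request to the container returns 405 would confirm the setting is in effect in the built image.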