From f0dc845825da84ef71eecd619ecdfb80a62b417b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=99=88=E7=B2=BE=E5=8D=8E?= <842761733@qq.com>
Date: Tue, 13 Dec 2022 18:04:22 +0800
Subject: [PATCH] =?UTF-8?q?=E7=A6=81=E6=AD=A2TRACE=E8=AF=B7=E6=B1=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../web/filter/SecurityFilterProxy.java | 30 +++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 server/src/main/java/cn/keking/web/filter/SecurityFilterProxy.java
diff --git a/server/src/main/java/cn/keking/web/filter/SecurityFilterProxy.java b/server/src/main/java/cn/keking/web/filter/SecurityFilterProxy.java
new file mode 100644
index 00000000..1a837533
--- /dev/null
+++ b/server/src/main/java/cn/keking/web/filter/SecurityFilterProxy.java
@@ -0,0 +1,30 @@
+package cn.keking.web.filter;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+
+@Configuration
+public class SecurityFilterProxy extends OncePerRequestFilter {
+
+
+ private String NOT_ALLOW_METHODS = "TRACE";
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+ FilterChain filterChain) throws ServletException, IOException {
+ if((","+NOT_ALLOW_METHODS+",").indexOf(","+request.getMethod().toLowerCase()+",") > -1) {
+ response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+ response.setHeader("Content-Type", "text/html; charset=iso-8859-1");
+ response.getWriter().println("Method Not Allowed");
+ return;
+ }
+ super.doFilter(request, response, filterChain);
+ }
+}
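Review bot: The method check in `doFilterInternal` can never match, so TRACE requests still pass through this filter: `request.getMethod().toLowerCase()` yields `trace`, while `NOT_ALLOW_METHODS` holds upper-case `TRACE` and `indexOf` is case-sensitive. Compare case-insensitively instead, for example `if ("TRACE".equalsIgnoreCase(request.getMethod())) {`, or upper-case the method with `Locale.ROOT` if the comma-separated list is meant to grow. The pass-through would be clearer as `filterChain.doFilter(request, response);`, since `super.doFilter(...)` re-enters the once-per-request wrapper and appears to reach the chain only through its already-filtered branch. `NOT_ALLOW_METHODS` is written as a constant but declared as a mutable instance field, so `private static final` would match the intent. A test that sends a TRACE request and expects 405 would have caught the case mismatch.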