Accepts methods starting with an ASCII letter and continuing with letters, digits, hyphens or underscores, up to maxLength characters, e.g. GET, PROPFIND or X-CUSTOM_2. Narrower than {@link RFC9110MethodValidator} (excludes most RFC 9110 punctuation tchars) but wider than {@link UppercaseMethodValidator} (allows lowercase and digits). This is the built-in default applied by {@link com.predic8.membrane.core.transport.Transport} when no validator component is declared, so it rarely needs to be declared explicitly; declare it to change maxLength or allowTrace. See examples/configuration for a runnable config.
Whether to allow the TRACE HTTP method. TRACE echoes the request back in the response body and is a classic vector for cross-site tracing attacks, so it is rejected unless explicitly allowed.
true
maxLength
false
20
Maximum length of an accepted method. Methods longer than this are rejected.