Accepts any method matching the RFC 9110 token grammar (the spec's definition of a valid method), up to maxLength characters. The most permissive of the built-in policies: it also accepts lowercase methods and punctuation tchars such as PROPFIND or my.method. Declare it explicitly to widen validation beyond the {@link DefaultMethodValidator built-in default}. See examples/configuration for a runnable config.
Whether to allow the TRACE HTTP method. TRACE echoes the request back in the response body and is a classic vector for cross-site tracing attacks, so it is rejected unless explicitly allowed.
true
maxLength
false
20
Maximum length of an accepted method. Methods longer than this are rejected.