Accepts only methods consisting of uppercase letters A-Z, up to maxLength characters. The strictest policy: GET and POST pass, but PROPFIND2 (digit) and get (lowercase) are answered with 501 Not Implemented. See examples/configuration for a runnable config.
Whether to allow the TRACE HTTP method. TRACE echoes the request back in the response body and is a classic vector for cross-site tracing attacks, so it is rejected unless explicitly allowed.
true
maxLength
false
20
Maximum length of an accepted method. Methods longer than this are rejected.