[DSIP-37] Disable HTTP TRACE requests in jetty via configuration

### Search before asking

- [X] I had searched in the [DSIP](https://github.com/apache/dolphinscheduler/issues/14102) and found no similar DSIP.


### Motivation

DS was scanned for TRACE vulnerability。An attacker exploiting a TRACE request, in combination with other browser-side vulnerabilities, could potentially conduct a cross-site scripting attack to obtain sensitive information, such as authentication information in a cookie, which would be used in other types of attacks.

### Design Detail

jetty TRACE requests can be disabled via a configuration option

### Compatibility, Deprecation, and Migration Plan

_No response_

### Test Plan

_No response_

### Code of Conduct

- [X] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[DSIP-37] Disable HTTP TRACE requests in jetty via configuration #15943

Search before asking

Motivation

Design Detail

Compatibility, Deprecation, and Migration Plan

Test Plan

Code of Conduct

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[DSIP-37] Disable HTTP TRACE requests in jetty via configuration #15943

Description

Search before asking

Motivation

Design Detail

Compatibility, Deprecation, and Migration Plan

Test Plan

Code of Conduct

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions