task-4611 川北剩余高中危漏洞处理

服务器端也应该禁止TRACE\TRACK方法

ibps-provider-root/modules/provider-business/src/main/java/com/lc/ibps/filter/CORSFilter.java

@@ -53,7 +53,13 @@ public class CORSFilter implements Filter {
             filterChain.doFilter(httpRequest, response);
             return;
         }
-
+        //80端口已经禁止了，服务器端也应该禁止TRACE\TRACK方法
+        String method = httpRequest.getMethod();
+        if ("TRACE".equalsIgnoreCase(method) || "TRACK".equalsIgnoreCase(method)) {
+            response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);//405
+            response.getWriter().write("method TRACE/TRACK not allowed");
+            return;
+        }
         // Host头验证
         if(!validateHostHeader(httpRequest, response)){
             log.warn("Host头验证白名单失败",ALLOWED_HOSTS);