In my application one of the Security observations is “Insecure HTTP Methods Enabled”.
This is to disable the HTTP methods like DELETE, TRACE, OPTIONS, PUT, PATCH, HEAD, DEBUG.
Initially I had solved this observation by creating a java filter which would block these methods, and this was working fine as well.
But then to solve CSP (NONCE) I had to upgrade my oracle apex from 24.1 to 24.2.
Post this upgrade HTTP Methods HEAD and OPTIONS have stopped working.
My filter is not disabling these two out of the lot.
Please advise if you have come across similar situation or have any thoughts.