you're reading...

Disabling TRACE in Selenium

I have seen this question come up at-least twice on the Selenium forums. So I thought I might as well just create a blog post which shows how TRACE call can be disabled in the Selenium Uber jar.

There’s no direct way of doing it. From what I have googled around, it looks like TRACE calls are disabled by default when Jetty Server runs in standalone mode but its not the case when Jetty server is run in an embedded mode [ This is the mode in which Selenium standalone runs for both grid/node roles ].

All said and done, here’s how you can have this disabled.

  • Create a package named org.seleniumhq.jetty9.server
  • Within this package copy paste the entire contents of “Server.java” [ this java class is available via this dependency ]
  • In the locally copied version of Server.java, find the method named “org.seleniumhq.jetty9.server.Server#handle” and replace it with the below modified version.
  • You will have to build a custom uber standalone jar
    • For doing this, you would need to add a dependency on selenium-server [ I work with Maven, so I know of Maven only ]
    • Create a standalone java class.. let’s call it LocalServer.java with a main(String[] args) method which looks like below
    • Using the maven assembly plugin build an uber jar with the manifest file containing a reference to the newly created LocalServer.java class as the class containing main class.

Now when I tried invoking a Http Trace call, it got blocked and I received a 403 forbidden error.

curl  -X TRACE http://localhost:4444/
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 403 </title>
<h2>HTTP ERROR: 403</h2>
Problem accessing /. Reason:
<pre>    TRACE is explicitly disabled.</pre>

<hr />

<i><small>Powered by Jetty://</small></i>
public class LocalServer {
    public static void main(String[] args) throws Exception {

public void handle(HttpChannel<?> connection) throws IOException, ServletException {
    String target = connection.getRequest().getPathInfo();
    Request request = connection.getRequest();
    Response response = connection.getResponse();
    if (HttpMethod.TRACE.is(request.getMethod())) {
        response.sendError(403, request.getMethod() + " is explicitly disabled.");

    if(LOG.isDebugEnabled()) {
        LOG.debug(request.getDispatcherType() + " " + request.getMethod() + " " + target + " on " + connection, new Object[0]);

    if(!HttpMethod.OPTIONS.is(request.getMethod()) && !"*".equals(target)) {
        this.handle(target, request, request, response);
    } else {
        if(!HttpMethod.OPTIONS.is(request.getMethod())) {

        this.handleOptions(request, response);
        if(!request.isHandled()) {
            this.handle(target, request, request, response);

    if(LOG.isDebugEnabled()) {
        LOG.debug("RESPONSE " + target + "  " + connection.getResponse().getStatus() + " handled=" + request.isHandled(), new Object[0]);

A full fledged working example can be found at : https://github.com/RationaleEmotions/selenium-server

References :



No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: