Disable HTTP TRACE / TRACK methods for Cantaloupe embedded jetty server?

[anthony-evans]

I’m working on a project where I would like to disable the HTTP TRACE method to prevent the security vulnerability of potential Cross-Site Tracing (XST) attacks.

As it turned out, it is not disabled by default for Cantaloupe which uses a jetty embedded server?

With Apache web servers it is possible to turn off Trace by adding "TraceEnable Off" to its configuration file.

But with the Cantaloupe settings file "cantaloupe.properties", there is no equivalent option to disable Trace.

Is there any way to switch off TRACE method for Cantaloupe image server?

Thanks