HTTP的NodeJS服務器 - 禁用HTTP方法，跟蹤TRACE等

Question

運行我的HTTP的NodeJS服務器上nmap我得到：

nmap -p 443 --script http-methods localhost 

Starting Nmap 6.40 (http://nmap.org) at 2016-10-28 11:26 BST 
Nmap scan report for localhost 
Host is up (0.00051s latency). 
PORT STATE SERVICE 
443/tcp open https 
| http-methods: ACL BIND CHECKOUT CONNECT COPY DELETE GET HEAD LINK LOCK M-SEARC             H MERGE MKACTIVITY MKCALENDAR MKCOL MOVE NOTIFY PATCH POST PROPFIND PROPPATCH PU             RGE PUT REBIND REPORT SEARCH SUBSCRIBE TRACE UNBIND UNLINK UNLOCK UNSUBSCRIBE 
| Potentially risky methods: ACL BIND CHECKOUT CONNECT COPY DELETE LINK LOCK M-S             EARCH MERGE MKACTIVITY MKCALENDAR MKCOL MOVE NOTIFY PATCH PROPFIND PROPPATCH PUR             GE PUT REBIND REPORT SEARCH SUBSCRIBE TRACE UNBIND UNLINK UNLOCK UNSUBSCRIBE 
|_See http://nmap.org/nsedoc/scripts/http-methods.html 
MAC Address: AB:CD:75:EF:A5:6D (Unknown) 

Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds 

於是我找禁用一些方法，主要是在「潛在危險的方法：「列表。

這在Apache中相當平凡，但我在NodeJS中看不到任何方式。

This SO question談論編輯節點的C源，但我並不想這樣做。

The node docs顯示一個http.METHODS方法，但那只是一個get。

Answer 1

當被問及對幫助的NodeJS和GitHub的得到了這種反應bnoordhuis：

const allowedMethods = ['GET','HEAD','POST']; 

function onrequest(req, res) { 
    if (!allowedMethods.includes(req.method)) 
    return res.end(405, 'Method Not Allowed'); 
    // ... 
} 

https://github.com/nodejs/help/issues/357