To disable the default handling of trace in spring boot you can override the behaviour of the doTrace handler on the DispatcherServlet.
Adding this component to your spring config should do the trick. (Example is in Kotlin but you can convert to Java easily)
@Component("dispatcherServlet")
class CustomDispatcherServlet : DispatcherServlet() {
/**
* We want to disable the default trace behaviour of returning the response
* so we override the trace handling and process it as normal.
* If the application doesn't support TRACE then a HTTP 405 response will be generated.
*/
override fun doTrace(request: HttpServletRequest, response: HttpServletResponse) {
processRequest(request, response)
}
}
This generates this response for a TRACE request
{
"timestamp": "2019-01-22T10:03:46.906+0000",
"status": 405,
"error": "Method Not Allowed",
"message": "TRACE method is not allowed",
"path": "/"
}