How to disable HTTP Options in openfire-jetty?

Hello,

I am using openfire 3.8.2. I want to completely disable HTTP OPTIONS on the webapp.

I included following in my web.xml for jetty under WEB-INF/

{code}

<security-constraint>

    <web-resource-collection>

          <web-resource-name>Disable OPTIONS</web-resource-name>

                <url-pattern>/*</url-pattern>

                 <http-method>OPTIONS</http-method>

           </web-resource-collection>

           <auth-constraint/>

</security-constraint>

{code}

Upon making an OPTIONS request to https://IP:PORT/http-bind/ , I still get 200 OK.

I also extracted openfire.jar to change it's webdefault.xml to have this code snippet. I believe as I have my own web.xml in source, that should work. Also, this web.xml config works fine with a apache tomcat based webapp and gives me an apt 403 status code. I am unable to get jetty accept this code snippet. Any help is appreciated. Thanks!