Justin Edelson created SLING-4800:
-------------------------------------
Summary: If SlingMainServlet has allowTrace = false, default Allow
header shouldn't contain TRACE method
Key: SLING-4800
URL: https://issues.apache.org/jira/browse/SLING-4800
Project: Sling
Issue Type: Bug
Components: API, Engine
Reporter: Justin Edelson
Priority: Minor
If the configuration of the SlingMainServlet specifies that the TRACE method
isn't allowed, the Allow header in an OPTIONS response from servlets extending
the SlingSafeMethodsServlet still contain the TRACE method. This shouldn't be
the case. Although technically allowable by the HTTP spec, this behavior isn't
ideal
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
