[jira] [Commented] (SLING-4800) If SlingMainServlet has allowTrace = false, default Allow header shouldn't contain TRACE method

Justin Edelson (JIRA) Thu, 11 Jun 2015 06:59:37 -0700

    [ 
https://issues.apache.org/jira/browse/SLING-4800?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14581944#comment-14581944
 ]


Justin Edelson commented on SLING-4800:
---------------------------------------

proposed patch: https://codereview.appspot.com/247970043

> If SlingMainServlet has allowTrace = false, default Allow header shouldn't 
> contain TRACE method
> -----------------------------------------------------------------------------------------------
>
>                 Key: SLING-4800
>                 URL: https://issues.apache.org/jira/browse/SLING-4800
>             Project: Sling
>          Issue Type: Bug
>          Components: API, Engine
>            Reporter: Justin Edelson
>            Priority: Minor
>
> If the configuration of the SlingMainServlet specifies that the TRACE method 
> isn't allowed, the Allow header in an OPTIONS response from servlets 
> extending the SlingSafeMethodsServlet still contain the TRACE method. This 
> shouldn't be the case. Although technically allowable by the HTTP spec, this 
> behavior isn't ideal



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (SLING-4800) If SlingMainServlet has allowTrace = false, default Allow header shouldn't contain TRACE method

Reply via email to