svn commit: r1822342 - in /tomcat/trunk: java/org/apache/catalina/core/StandardWrapper.java webapps/docs/changelog.xml

Fri, 26 Jan 2018 12:12:01 -0800 

Author: markt
Date: Fri Jan 26 20:11:52 2018
New Revision: 1822342

URL: http://svn.apache.org/viewvc?rev=1822342&view=rev
Log:
Generate the correct allow header for a 405 response to a TRACE request to a 
JSP page.

Modified:
    tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java?rev=1822342&r1=1822341&r2=1822342&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java Fri Jan 26 
20:11:52 2018
@@ -562,28 +562,34 @@ public class StandardWrapper extends Con
         }
 
         Set<String> allow = new HashSet<>();
-        allow.add("TRACE");
         allow.add("OPTIONS");
 
-        Method[] methods = getAllDeclaredMethods(servletClazz);
-        for (int i=0; methods != null && i<methods.length; i++) {
-            Method m = methods[i];
-
-            if (m.getName().equals("doGet")) {
-                allow.add("GET");
-                allow.add("HEAD");
-            } else if (m.getName().equals("doPost")) {
-                allow.add("POST");
-            } else if (m.getName().equals("doPut")) {
-                allow.add("PUT");
-            } else if (m.getName().equals("doDelete")) {
-                allow.add("DELETE");
+        if (isJspServlet) {
+            allow.add("GET");
+            allow.add("HEAD");
+            allow.add("POST");
+        } else {
+            allow.add("TRACE");
+
+            Method[] methods = getAllDeclaredMethods(servletClazz);
+            for (int i=0; methods != null && i<methods.length; i++) {
+                Method m = methods[i];
+
+                if (m.getName().equals("doGet")) {
+                    allow.add("GET");
+                    allow.add("HEAD");
+                } else if (m.getName().equals("doPost")) {
+                    allow.add("POST");
+                } else if (m.getName().equals("doPut")) {
+                    allow.add("PUT");
+                } else if (m.getName().equals("doDelete")) {
+                    allow.add("DELETE");
+                }
             }
         }
 
         String[] methodNames = new String[allow.size()];
         return allow.toArray(methodNames);
-
     }
 
 

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1822342&r1=1822341&r2=1822342&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Jan 26 20:11:52 2018
@@ -79,6 +79,10 @@
         Pass 404 errors triggered by a missing ROOT web application to the
         container error handling to generate the response body. (markt)
       </add>
+      <fix>
+        Provide a correct <code>Allow</code> header when responding to an HTTP
+        <code>TRACE</code> request for a JSP with a 405 status code. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to