>>Actually, in the case of a JSP, we're dealing w/ JspServlet, which is an >>instance of HttpServlet. >> >>I've changed the code to return a constant set of methods if the servlet >>is not an instance of HttpServlet, avoiding the NPE. :) >> > > > My bad. I should pay more attention to Jasper :). > > However, a JSP page still will return 'Allow: OPTIONS' after all of this > work :).
Yes, but you'll get a more useful reply for any custom HttpServlets. ;-) Notice that what the patch does is return the same methods that OPTIONS would have returned in the Allow response header, minus the disabled TRACE. Since the HTTP spec requires that the Allow header should reflect the capabilities of the requested resource, I think it is a good idea to follow it as much as we can. It's not like we're adding tons of code in order to achieve this. :) Jan --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
