Posted to dev@tomcat.apache.org by ma...@apache.org on 2017/02/14 11:00:18 UTC
svn commit: r1782946 - in /tomcat/trunk:
java/org/apache/catalina/servlets/WebdavServlet.java
webapps/docs/changelog.xml
Author: markt
Date: Tue Feb 14 11:00:18 2017
New Revision: 1782946
URL: http://svn.apache.org/viewvc?rev=1782946&view=rev
Log:
Correct OPTIONS response for WebDAV so TRACE is not included when it is disabled
Modified:
tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java?rev=1782946&r1=1782945&r2=1782946&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java (original)
+++ tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java Tue Feb 14 11:00:18 2017
@@ -40,6 +40,7 @@ import javax.xml.parsers.DocumentBuilder
import javax.xml.parsers.ParserConfigurationException;
import org.apache.catalina.WebResource;
+import org.apache.catalina.connector.RequestFacade;
import org.apache.catalina.util.ConcurrentDateFormat;
import org.apache.catalina.util.DOMWriter;
import org.apache.catalina.util.XMLWriter;
@@ -2303,7 +2304,12 @@ public class WebdavServlet
return methodsAllowed;
}
- methodsAllowed.append("OPTIONS, GET, HEAD, POST, DELETE, TRACE");
+ methodsAllowed.append("OPTIONS, GET, HEAD, POST, DELETE");
+ // Trace - assume disabled unless we can prove otherwise
+ if (req instanceof RequestFacade &&
+ ((RequestFacade) req).getAllowTrace()) {
+ methodsAllowed.append(", TRACE");
+ }
methodsAllowed.append(", PROPPATCH, COPY, MOVE, LOCK, UNLOCK");
if (listings) {
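Review bot: The added `req instanceof RequestFacade` test in the TRACE branch only matches an unwrapped container request, so when a filter has wrapped the request the Allow header will omit TRACE even if the Connector permits it. That is the safe direction and agrees with the existing comment, but the comment should say so explicitly, e.g. `// Trace - assume disabled unless we can prove otherwise; a wrapped request is not a RequestFacade and so never advertises TRACE`. It is also worth stating there that this branch only changes what OPTIONS advertises; rejecting TRACE itself is presumably enforced elsewhere, which is not visible in this hunk. The enclosing method starts and ends outside the hunk.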
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1782946&r1=1782945&r2=1782946&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Feb 14 11:00:18 2017
@@ -97,6 +97,11 @@
Improve the performance of <code>AuthenticatorBase</code> when there is
no JASPIC configuration available. (violetagg)
</scode>
+ <fix>
+ When HTTP TRACE requests are disabled on the Connector, ensure that the
+ HTTP OPTIONS response from custom the WebDAV servlet does not include
+ TRACE in the returned Allow header. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">