You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/08/01 16:43:09 UTC
[tomcat] branch 10.0.x updated: Update docs for TRACE changes
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.0.x by this push:
new 43226e3de5 Update docs for TRACE changes
43226e3de5 is described below
commit 43226e3de5e0a61847cdbcc05fa37ce69f6989e4
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Aug 1 17:42:52 2022 +0100
Update docs for TRACE changes
---
webapps/docs/config/ajp.xml | 6 +++++-
webapps/docs/config/http.xml | 6 +++++-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml
index c59c7bd14f..1a3cccdeaa 100644
--- a/webapps/docs/config/ajp.xml
+++ b/webapps/docs/config/ajp.xml
@@ -92,7 +92,11 @@
<attribute name="allowTrace" required="false">
<p>A boolean value which can be used to enable or disable the TRACE
- HTTP method. If not specified, this attribute is set to false.</p>
+ HTTP method. If not specified, this attribute is set to false. As per RFC
+ 7231 section 4.3.8, cookie and www-authenticate headers will be excluded
+ from the response to the TRACE request. If you wish to include these, you
+ can implement the <code>doTrace()</code> method for the target Servlet and
+ gain full control over the reponse.</p>
</attribute>
<attribute name="asyncTimeout" required="false">
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 65f251f9db..6c716bfe99 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -88,7 +88,11 @@
<attribute name="allowTrace" required="false">
<p>A boolean value which can be used to enable or disable the TRACE
- HTTP method. If not specified, this attribute is set to false.</p>
+ HTTP method. If not specified, this attribute is set to false. As per RFC
+ 7231 section 4.3.8, cookie and www-authenticate headers will be excluded
+ from the response to the TRACE request. If you wish to include these, you
+ can implement the <code>doTrace()</code> method for the target Servlet and
+ gain full control over the reponse.</p>
</attribute>
<attribute name="asyncTimeout" required="false">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org