You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Justin Edelson (JIRA)" <ji...@apache.org> on 2015/06/11 15:53:00 UTC

[jira] [Created] (SLING-4800) If SlingMainServlet has allowTrace = false, default Allow header shouldn't contain TRACE method

Justin Edelson created SLING-4800:
-------------------------------------

             Summary: If SlingMainServlet has allowTrace = false, default Allow header shouldn't contain TRACE method
                 Key: SLING-4800
                 URL: https://issues.apache.org/jira/browse/SLING-4800
             Project: Sling
          Issue Type: Bug
          Components: API, Engine
            Reporter: Justin Edelson
            Priority: Minor


If the configuration of the SlingMainServlet specifies that the TRACE method isn't allowed, the Allow header in an OPTIONS response from servlets extending the SlingSafeMethodsServlet still contain the TRACE method. This shouldn't be the case. Although technically allowable by the HTTP spec, this behavior isn't ideal



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)