You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Justin Edelson (JIRA)" <ji...@apache.org> on 2015/06/11 15:53:00 UTC
[jira] [Created] (SLING-4800) If SlingMainServlet has allowTrace =
false, default Allow header shouldn't contain TRACE method
Justin Edelson created SLING-4800:
-------------------------------------
Summary: If SlingMainServlet has allowTrace = false, default Allow header shouldn't contain TRACE method
Key: SLING-4800
URL: https://issues.apache.org/jira/browse/SLING-4800
Project: Sling
Issue Type: Bug
Components: API, Engine
Reporter: Justin Edelson
Priority: Minor
If the configuration of the SlingMainServlet specifies that the TRACE method isn't allowed, the Allow header in an OPTIONS response from servlets extending the SlingSafeMethodsServlet still contain the TRACE method. This shouldn't be the case. Although technically allowable by the HTTP spec, this behavior isn't ideal
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)