You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/08/01 16:43:05 UTC

[tomcat] branch main updated: Update docs for TRACE changes

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 9d2cebf6f3 Update docs for TRACE changes
9d2cebf6f3 is described below

commit 9d2cebf6f32b28e70a39456b0f45525df7a0a7ae
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Aug 1 17:42:52 2022 +0100

    Update docs for TRACE changes
---
 webapps/docs/config/ajp.xml  | 6 +++++-
 webapps/docs/config/http.xml | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml
index 6850854a1a..9b8962af9d 100644
--- a/webapps/docs/config/ajp.xml
+++ b/webapps/docs/config/ajp.xml
@@ -89,7 +89,11 @@
 
     <attribute name="allowTrace" required="false">
       <p>A boolean value which can be used to enable or disable the TRACE
-      HTTP method. If not specified, this attribute is set to false.</p>
+      HTTP method. If not specified, this attribute is set to false. As per RFC
+      7231 section 4.3.8, cookie and www-authenticate headers will be excluded
+      from the response to the TRACE request. If you wish to include these, you
+      can implement the <code>doTrace()</code> method for the target Servlet and
+      gain full control over the reponse.</p>
     </attribute>
 
     <attribute name="asyncTimeout" required="false">
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 890bf7dcef..ee7e92da7a 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -85,7 +85,11 @@
 
     <attribute name="allowTrace" required="false">
       <p>A boolean value which can be used to enable or disable the TRACE
-      HTTP method. If not specified, this attribute is set to false.</p>
+      HTTP method. If not specified, this attribute is set to false. As per RFC
+      7231 section 4.3.8, cookie and www-authenticate headers will be excluded
+      from the response to the TRACE request. If you wish to include these, you
+      can implement the <code>doTrace()</code> method for the target Servlet and
+      gain full control over the reponse.</p>
     </attribute>
 
     <attribute name="asyncTimeout" required="false">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org