Author: markt
Date: Mon Feb 9 20:13:14 2009
New Revision: 742714
URL: http://svn.apache.org/viewvc?rev=742714&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=39396
Exclude TRACE in OPTIONS response by default. Include it where we know it is
enabled.
Modified:
tomcat/trunk/java/org/apache/catalina/connector/RequestFacade.java
tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
Modified: tomcat/trunk/java/org/apache/catalina/connector/RequestFacade.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/RequestFacade.java?rev=742714&r1=742713&r2=742714&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/connector/RequestFacade.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/connector/RequestFacade.java Mon Feb
9 20:13:14 2009
@@ -994,4 +994,7 @@
return null;
}
+ public boolean getAllowTrace() {
+ return request.getConnector().getAllowTrace();
+ }
}
Modified: tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java?rev=742714&r1=742713&r2=742714&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java Mon Feb
9 20:13:14 2009
@@ -56,6 +56,7 @@
import javax.xml.transform.stream.StreamSource;
import org.apache.catalina.Globals;
+import org.apache.catalina.connector.RequestFacade;
import org.apache.catalina.util.RequestUtil;
import org.apache.catalina.util.ServerInfo;
import org.apache.catalina.util.StringManager;
@@ -77,8 +78,7 @@
public class DefaultServlet
extends HttpServlet {
-
-
+
// ----------------------------------------------------- Instance Variables
@@ -355,6 +355,49 @@
/**
+ * Override default implementation to ensure that TRACE is correctly
+ * handled.
+ *
+ * @param req the {...@link HttpServletRequest} object that
+ * contains the request the client made of
+ * the servlet
+ *
+ * @param resp the {...@link HttpServletResponse} object that
+ * contains the response the servlet returns
+ * to the client
+ *
+ * @exception IOException if an input or output error occurs
+ * while the servlet is handling the
+ * OPTIONS request
+ *
+ * @exception ServletException if the request for the
+ * OPTIONS cannot be handled
+ */
+ protected void doOptions(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ StringBuffer allow = new StringBuffer();
+ // There is a doGet method
+ allow.append("GET, HEAD");
+ // There is a doPost
+ allow.append(", POST");
+ // There is a doPut
+ allow.append(", PUT");
+ // There is a doDelete
+ allow.append(", POST");
+ // Trace - assume disabled unless we can prove otherwise
+ if (req instanceof RequestFacade &&
+ ((RequestFacade) req).getAllowTrace()) {
+ allow.append(", TRACE");
+ }
+ // Always allow options
+ allow.append(", OPTIONS");
+
+ resp.setHeader("Allow", allow.toString());
+ }
+
+
+ /**
* Process a POST request for the specified resource.
*
* @param request The servlet request we are processing
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
