Author: markt Date: Tue Mar 24 13:18:15 2009 New Revision: 757782 URL: http://svn.apache.org/viewvc?rev=757782&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=39396 Exclude TRACE in OPTIONS response by default. Include it where we know it is enabled.
Modified:
    tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/RequestFacade.java
    tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java
    tomcat/container/tc5.5.x/webapps/docs/changelog.xml
Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/RequestFacade.java
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/RequestFacade.java?rev=757782&r1=757781&r2=757782&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/RequestFacade.java (original)
+++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/RequestFacade.java Tue Mar 24 13:18:15 2009
@@ -931,4 +931,7 @@
 return request.getRemotePort();
 }
+ public boolean getAllowTrace() {
+ return request.getConnector().getAllowTrace();
+ }
 }
Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java?rev=757782&r1=757781&r2=757782&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java (original)
+++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java Tue Mar 24 13:18:15 2009
@@ -55,6 +55,7 @@
 import javax.xml.transform.stream.StreamSource;
 import org.apache.catalina.Globals;
+import org.apache.catalina.connector.RequestFacade;
 import org.apache.catalina.util.RequestUtil;
 import org.apache.catalina.util.ServerInfo;
 import org.apache.catalina.util.StringManager;
@@ -76,8 +77,7 @@
 public class DefaultServlet extends HttpServlet {
-
-
+
 // ----------------------------------------------------- Instance Variables
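Review bot: In RequestFacade.java, `getAllowTrace()` is added as a public method with no doc comment, and it dereferences `request` and `request.getConnector()` without a guard. If the facade can outlive its wrapped request (the rest of the class is outside this hunk, so this is an assumption to confirm), a late call ends in a NullPointerException instead of a defined answer. Because DefaultServlet uses the result to decide whether to advertise TRACE, a guard that falls back to "not allowed" keeps the fail-safe default, e.g. `return request != null && request.getConnector() != null && request.getConnector().getAllowTrace();`, or the method should fail the same way the other facade methods do if they already have a convention for this. A comment such as `/** Returns true only if the connector serving this request has TRACE enabled. */` would also record why the facade exposes a connector setting.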
@@ -406,6 +406,49 @@
 /**
+ * Override default implementation to ensure that TRACE is correctly
+ * handled.
+ *
+ * @param req the {...@link HttpServletRequest} object that
+ * contains the request the client made of
+ * the servlet
+ *
+ * @param resp the {...@link HttpServletResponse} object that
+ * contains the response the servlet returns
+ * to the client
+ *
+ * @exception IOException if an input or output error occurs
+ * while the servlet is handling the
+ * OPTIONS request
+ *
+ * @exception ServletException if the request for the
+ * OPTIONS cannot be handled
+ */
+ protected void doOptions(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ StringBuffer allow = new StringBuffer();
+ // There is a doGet method
+ allow.append("GET, HEAD");
+ // There is a doPost
+ allow.append(", POST");
+ // There is a doPut
+ allow.append(", PUT");
+ // There is a doDelete
+ allow.append(", DELETE");
+ // Trace - assume disabled unless we can prove otherwise
+ if (req instanceof RequestFacade &&
+ ((RequestFacade) req).getAllowTrace()) {
+ allow.append(", TRACE");
+ }
+ // Always allow options
+ allow.append(", OPTIONS");
+
+ resp.setHeader("Allow", allow.toString());
+ }
+
+
+ /**
 * Process a POST request for the specified resource.
 *
 * @param request The servlet request we are processing
Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?rev=757782&r1=757781&r2=757782&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Tue Mar 24 13:18:15 2009
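Review bot: In DefaultServlet.doOptions, `PUT` and `DELETE` are still appended to the `Allow` header unconditionally, so the response keeps advertising write methods on deployments where the servlet refuses them. DefaultServlet has a read-only mode (the `readOnly` setting, declared outside this hunk), and the "only list what is really enabled" rule this commit applies to TRACE should cover it as well: `if (!readOnly) { allow.append(", PUT"); allow.append(", DELETE"); }`. Separately, the `req instanceof RequestFacade` test is false for a request that a filter or dispatcher has wrapped, which drops TRACE from the header even when the connector allows it. That errs on the safe side, but the Javadoc should say so, or the check should first unwrap any `ServletRequestWrapper` chain via `getRequest()`.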
@@ -39,6 +39,10 @@
 match for the appBase. (markt)
 </fix>
 <fix>
+ <bug>39396</bug>: Only include TRACE in an OPTIONS response if we know
+ it has been enabled. (markt)
+ </fix>
+ <fix>
 Remove wrong "No role found" realm debug log message, even if a role was found. (rjung)
 </fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org