httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject Re: Rev 2: [PATCH] 1.3 TraceEnable [on|off|extended]
Date Fri, 24 Jun 2005 18:07:38 GMT
At 04:27 PM 6/23/2005, Roy T. Fielding wrote:
>On Jun 23, 2005, at 6:53 AM, William A. Rowe, Jr. wrote:
>>The patch, in final form, tested and works for T-E with C-L > body,
>>T-E with C-L < body, C-L only, T-E only and no body.  It correctly
>>denies proxy TRACE with a body by default, and will deny all TRACE
>>requests for 'TraceEnable off'.
>>Votes please, before I invest in patching 2.x?
>The correct response code to send is 403 Forbidden, not 405,
>since the method is being handled. That will simplify your
>patch considerably.

That still begs the question, if ap_die is called with the
error 405 should we return 'Allow:' with no tags, or drop
the Allow: header altogether.  In the past, this would have
been the almost equally absurd 'Allow: TRACE' alone, but with
the patch, we might not even have that.

It still seems the edge case exists.

>I have submitted a change request for s/MUST/MAY/ in the text of
>2616's definition of 405, since the Allow header field should not
>be required.

+1 thanks!


View raw message