httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <>
Subject Re: Rev 2: [PATCH] 1.3 TraceEnable [on|off|extended]
Date Thu, 23 Jun 2005 21:27:49 GMT
On Jun 23, 2005, at 6:53 AM, William A. Rowe, Jr. wrote:

> The patch, in final form, tested and works for T-E with C-L > body,
> T-E with C-L < body, C-L only, T-E only and no body.  It correctly
> denies proxy TRACE with a body by default, and will deny all TRACE
> requests for 'TraceEnable off'.
> Votes please, before I invest in patching 2.x?

The correct response code to send is 403 Forbidden, not 405,
since the method is being handled. That will simplify your
patch considerably.

I have submitted a change request for s/MUST/MAY/ in the text of
2616's definition of 405, since the Allow header field should not
be required.


View raw message