httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: Proxying OPTIONS *
Date Mon, 01 Oct 2007 15:57:59 GMT
Nick Kew wrote:
> 
> RFC2616 tells us OPTIONS * is basically a simple HTTP ping,
> which suggests it could be at a 'lower' level than authconfig
> and always be allowed.  If there is a reason to deny it,
> that could be by means of something analagous to TraceEnable.

Insufficient.

If we configure server-forced connection: upgrade/TLS we had better
do so in the OPTIONS phase.

So I agree that files don't apply.  <VirtualHost > would.  <Location *>
should (and I'm not stating <LocationMatch .*> or <Location />, but an
explicit case which handles only OPTIONS).

But I'm rather against breaking this in 2.2 to solve (what are, today)
configuration quirks.  Let's get this right for 2.4 and call out the
change very clearly in (our overlong) CHANGES?  I'm thinking of a new
second-priority category after SECURITY:, e.g. CONFIG: or MUSTNOTE:
so administrators who migrate aren't surprised.

Bill

Mime
View raw message