httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <>
Subject Re: Proxying OPTIONS *
Date Mon, 01 Oct 2007 18:02:29 GMT

On Oct 1, 2007, at 11:14 AM, Nick Kew wrote:

> On Mon, 01 Oct 2007 16:43:57 +0200
> Ruediger Pluem <> wrote:
>> On 10/01/2007 03:30 PM, Joshua Slive wrote:
>>> On 10/1/07, Jim Jagielski <> wrote:
>> [summary of everyone]
>> No problem.
> OK, it's actually applying the permissions of DocumentRoot.
> It's also ignoring the permissions on <Location />
> So my report was wrong, but we still have a bug:
> we shouldn't be mapping OPTIONS * to the filesystem.

TRACE also does not/should not trace to the filesystem.
So, I think what we should do is use the existing
architecture and have a quick_handler that checks for
the OPTIONS * case and, if so, return DONE.

I am not sure, to be honest, what we should do for
OPTIONS /foo if /foo is a protected entity... Reading
9.2: "communication options available on the request/response
chain... without implying a resource action or initiating a
resource retrieval" implies to me that ACL shouldn't even
enter into it and should never return a 403... Which
also implies that we should not honor any Limit for
Options either...

Before I work on the fix ( 
seems just plain wrong to me), I'd like to see what
Roy thinks about the above compliance points...

View raw message