httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Evans <>
Subject Re: TRACE still enabled by default
Date Thu, 22 Mar 2012 15:07:53 GMT
On Wed, Mar 21, 2012 at 7:33 PM, Roy T. Fielding <> wrote:
> TRACE won't work at all if the most popular end-point doesn't support it.
> If folks want to protect clients (including gateways) against their own
> stupidity regarding what they choose to send in a TRACE request, then
> do so by selectively removing some lines from the response and I will
> try to update the standard accordingly.
> Turning it off by default is not an option.  I will veto that.
> ....Roy

How about providing a simpler way of turning it off, rather than
turning it off by default? Arbitrarily, it seems, you can't use Limit
or LimitExcept to restrict it, and instead have to use a RewriteRule.



View raw message