struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <>
Subject Re: Allowing only POST for form submittal ????
Date Thu, 07 Aug 2003 09:39:52 GMT
Thought trave couldn't be right. I was just worried whether they would 
open up more possibilities for crackers, especially since I've list the 
methods in my web.xml so:

     <web-resource-name>LinkLibrary Application</web-resource-name>
     <!-- Define the context-relative URL(s) to be protected -->
     <!-- If you list http methods, only those methods are protected -->

and I just based this on the web.xml from the struts example app years 
ago. Anyway, I guess it's time to remove the list of http-methods.


Jason Lea wrote:
> Adam Hardy wrote:
>> Hi Jason,
>> I've heard of Get, Post, Put and Delete, but what are Head, Options 
>> and Trave?
> Oops, should be Trace.
> as to what they do...
> Servlet Spec 2.3,  2.1.2 says:
> The doHead method in HttpServlet is a specialized form of the doGet 
> method that returns only the headers produced by the doGet method. The 
> doOptions method responds with which HTTP methods are supported by the 
> servlet. The doTrace method generates a response containing all 
> instances of the headers sent in the TRACE request.
> The RFC gives some more details:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message