This content has been marked as final.
Show 1 reply
-
1. Re: httptraceenabled
jonlee Jun 15, 2003 12:56 PM (in response to brianm)TRACE is a necessary spec conformance for HTTP 1.1 and the doTrace method is declared out of necessity for conformance in the servlet base class javax.servlet.http.HttpServlet.
I suppose you could provide a security constraint for <http-method>TRACE</http-method>
I don't know that this has otherwise been addressed. The last recourse would be to either override the doTrace method for every servlet or provide a special HttpServlet class.