Does Zope support HTTP Trace method??
Greetings All, In a lot of HTTP servers there is a method used for debugging sessions and such called TRACE. Does Zope support this?? And if so is it active, or inactive by default?? How can I turn this on and off?? Jay
Jay Zeemer wrote:
In a lot of HTTP servers there is a method used for debugging sessions and such called TRACE. Does Zope support this?? And if so is it active, or inactive by default?? How can I turn this on and off??
I'm not aware of any TRACE support in Zope. You run it behind Apache maybe? You been poking with Nessus? ;-) Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jay Zeemer wrote: | In a lot of HTTP servers there is a method used for debugging | sessions and such called TRACE. Does Zope support this?? And if so is | it active, or inactive by default?? How can I turn this on and off?? For reference, here is what the HTTP 1.1 spec (http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html$sec9.8) says: - ---------------------- 8< ------------------------------ 9.8 TRACE The TRACE method is used to invoke a remote, application-layer loop- back of the request message. The final recipient of the request SHOULD reflect the message received back to the client as the entity-body of a 200 (OK) response. The final recipient is either the origin server or the first proxy or gateway to receive a Max-Forwards value of zero (0) in the request (see section 14.31). A TRACE request MUST NOT include an entity. TRACE allows the client to see what is being received at the other end of the request chain and use that data for testing or diagnostic information. The value of the Via header field (section 14.45) is of particular interest, since it acts as a trace of the request chain. Use of the Max-Forwards header field allows the client to limit the length of the request chain, which is useful for testing a chain of proxies forwarding messages in an infinite loop. If the request is valid, the response SHOULD contain the entire request message in the entity-body, with a Content-Type of "message/http". Responses to this method MUST NOT be cached. - ---------------------- 8< ------------------------------ It should not be too hard to add this to ZPublisher.HTTPRequest, but I would want to enable it via zope.conf entry, and leave it disabled by default, as it reveals information about the servers' network / architecture which should not generally be available in production. Tres. - -- =============================================================== Tres Seaver tseaver@zope.com Zope Corporation "Zope Dealers" http://www.zope.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCMcO6GqWXf00rNCgRAon3AJ93tNJtNe8t9QRIYlOq60HcFgM/zwCgnBob gtsJDiH62L5qo6stTUvP0tU= =bcEP -----END PGP SIGNATURE-----
Jay Zeemer wrote at 2005-3-11 08:15 -0500:
Greetings All, In a lot of HTTP servers there is a method used for debugging sessions and such called TRACE. Does Zope support this?? And if so is it active, or inactive by default?? How can I turn this on and off??
It is implemented in "webdav.Resource.Resource". It raises a "Not Implemented" exception. -- Dieter
participants (4)
-
Chris Withers -
Dieter Maurer -
Jay Zeemer -
Tres Seaver