[Zope] Re: Does Zope support HTTP Trace method??

Tres Seaver tseaver at zope.com
Fri Mar 11 11:13:46 EST 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jay Zeemer wrote:

| In a lot of HTTP servers there is a method used for debugging
| sessions and such called TRACE. Does Zope support this?? And if so is
| it active, or inactive by default?? How can I turn this on and off??

For reference, here is what the HTTP 1.1 spec
(http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html$sec9.8) says:

- ----------------------  8<  ------------------------------
9.8 TRACE

The TRACE method is used to invoke a remote, application-layer loop-
back of the request message. The final recipient of the request SHOULD
reflect the message received back to the client as the entity-body of a
200 (OK) response. The final recipient is either the

origin server or the first proxy or gateway to receive a Max-Forwards
value of zero (0) in the request (see section 14.31). A TRACE request
MUST NOT include an entity.

TRACE allows the client to see what is being received at the other end
of the request chain and use that data for testing or diagnostic
information. The value of the Via header field (section 14.45) is of
particular interest, since it acts as a trace of the request chain. Use
of the Max-Forwards header field allows the client to limit the length
of the request chain, which is useful for testing a chain of proxies
forwarding messages in an infinite loop.

If the request is valid, the response SHOULD contain the entire request
message in the entity-body, with a Content-Type of "message/http".
Responses to this method MUST NOT be cached.
- ----------------------  8<  ------------------------------

It should not be too hard to add this to ZPublisher.HTTPRequest, but I
would want to enable it via zope.conf entry, and leave it disabled by
default, as it reveals information about the servers' network /
architecture which should not generally be available in production.


Tres.
- --
===============================================================
Tres Seaver                                tseaver at zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCMcO6GqWXf00rNCgRAon3AJ93tNJtNe8t9QRIYlOq60HcFgM/zwCgnBob
gtsJDiH62L5qo6stTUvP0tU=
=bcEP
-----END PGP SIGNATURE-----

More information about the Zope mailing list