Re: Forcing SSL use

2011-03-09 Thread Christopher Schultz
Jeffrey, On 3/7/2011 3:18 PM, Jeffrey Janner wrote: > No one so far has mentioned it, but yes, you are seeing behavior as > designed. The CONFIDENTIAL setting causes Tomcat to send a redirect > to SSL if the request comes in on standard HTTP. You mi

RE: Forcing SSL use

2011-03-07 Thread Jeffrey Janner
from the server.xml. However, leaving it this way is a "nicety" for the end user. Jeff > -Original Message- > From: Olivier Lefevre [mailto:lefev...@yahoo.com] > Sent: Monday, March 07, 2011 4:16 AM > To: users@tomcat.apache.org > Subject: Forcing SSL use >

Re: Forcing SSL use

2011-03-07 Thread André Warnier
Olivier Lefevre wrote: On 3/7/2011 1:27 PM, Konstantin Kolinko wrote: Why do you forbid HEAD? IMHO it should have the same constraints as GET, because browsers use them together. OK. That doesn't answer my question, though. But in the meantime I realized that in the access log there are pairs

Re: Forcing SSL use

2011-03-07 Thread Olivier Lefevre
On 3/7/2011 1:27 PM, Konstantin Kolinko wrote: Why do you forbid HEAD? IMHO it should have the same constraints as GET, because browsers use them together. OK. That doesn't answer my question, though. But in the meantime I realized that in the access log there are pairs of entries with status

Re: Forcing SSL use

2011-03-07 Thread Konstantin Kolinko
2011/3/7 Olivier Lefevre : > I put this in my webapp's web.xml, the intent being to > allow GET and POST over https and nothing else: > >     >       >        forbidden >        /* >        HEAD >        PUT >        DELETE >        OPTIONS >        TRACE >       >       >     > >     >       >  

Forcing SSL use

2011-03-07 Thread Olivier Lefevre
I put this in my webapp's web.xml, the intent being to allow GET and POST over https and nothing else: forbidden /* HEAD PUT DELETE OPTIONS TRACE secure /* GET POST