On 23/01/2014 14:57, Stephan Fletcher wrote: > Any help would be greatly appreciated
<rant> Buy a better vulnerability scanner. Specifically, one understands that an OPTIONS request returns the methods that are *available* not the methods that are *permitted*. </rant> Assuming you haven't changed Tomcat's default configuration any attempt to actually PUT or DELETE a resource will be denied. I have a recollection that we changed the implementation of the OPTIONS request to try and help with this sort of thing. Scratch that. That was for TRACE which won't be included in an OPTIONS response unless Tomcat can confirm that it has been explicitly enabled in the Connector. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
