joeweder wrote: > I have PUTs disabled but they are still being published as supported in > response to the OPTIONS method.
Which is correct as per the HTTP spec. > Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS > Server: Apache-Coyote/1.1 > > Actually doing a PUT returns a 403. But "in-house" security scanner just > looks at response from the OPTIONS method. Then your security scanner needs to be fixed. > Is there any way to get Tomcat 6 from responding to the OPTIONS that it > supports the PUT? You would need to provide your own DefaultServlet implementation. You should be able to take Tomcat's and override the appropriate method. Alternatively, you should be able to achieve the same effect with a Filter and a wrapped response. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
