Mercurial > hg > nginx-vendor-current

diff src/http/ngx_http_request.c @ 294:27d9d1f26b38 NGINX_0_5_17

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx 0.5.17 *) Change: now nginx always returns the 405 status for the TRACE method. *) Feature: now nginx supports the "include" directive inside the "types" block. *) Bugfix: the $document_root variable usage in the "root" and "alias" directives is disabled: this caused recursive stack overflow. *) Bugfix: in the HTTPS protocol in the "proxy_pass" directive. *) Bugfix: in some cases non-cachable variables (such as $uri variable) returned old cached value.
author Igor Sysoev <http://sysoev.ru>
date Mon, 02 Apr 2007 00:00:00 +0400
parents f745bf973510
children 30862655219e
line wrap: on
line diff
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1267,6 +1267,13 @@ ngx_http_process_request_header(ngx_http
         return NGX_ERROR;
     }
 
+    if (r->method & (NGX_HTTP_TRACE)) {
+        ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                      "client sent TRACE method");
+        ngx_http_finalize_request(r, NGX_HTTP_NOT_ALLOWED);
+        return NGX_ERROR;
+    }
+
     if (r->headers_in.transfer_encoding
         && ngx_strstr(r->headers_in.transfer_encoding->value.data, "chunked"))
     {