dev@glassfish.java.net

changing the default value of trace-enabled

From: Justin Lee <justin.d.lee_at_oracle.com>
Date: Wed, 20 Oct 2010 09:43:30 -0400

  Currently the default for trace-enabled is "true" which means that we
allow TRACE requests by default. Most of the information about apache
httpd considering this method strongly suggests disallowing it. In
fact, by default httpd has this disabled due to potential security
issues surrounding it. I'd like to similarly change this default to
false for GlassFish. However, this is a change in the default behavior
and might be subject to CCC approval. If this is case, I'd like to set
up that meeting to make the case for this. If it's not, or if no one
objects, I can make this change with the 1.9.22 integration of grizzly.