[
https://issues.apache.org/jira/browse/WINK-76?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12730834#action_12730834
]
Bryant Luk commented on WINK-76:
--------------------------------
Dims,
Sure. I'll re-add the original comment.
Original comment:
Can we make the X-Method-Override and X-HTTP-Method-Override behavior
configurable?
I believe that the current behavior in ServerMessageContext allows a request to
come in as a GET through the container and we honor the headers (as expected).
I haven't dealt that much with security, but I think if a developer set
security constraints via the container's security config (web.xml or whatever)
for POST requests, you could bypass this security constraint and any associated
container rules for it.
Greg and Nick were discussing if adding support for the headers by default was
a good idea weeks ago so having a similar discussion out here would be good too.
> X-Method-Override and X-Http-Method-Override behavior
> -----------------------------------------------------
>
> Key: WINK-76
> URL: https://issues.apache.org/jira/browse/WINK-76
> Project: Wink
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.1
> Reporter: Bryant Luk
>
> Need to discuss X-Method-Override and X-Http-Method-Override behavior.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
