Closed: markt-asf closed this issue 1 year ago
In this task, is it only forwarding the request headers to the response? This is a Good First Issue???
This task is to ensure that sensitive headers as defined in RFC 9110 are not included in the legacy TRACE response implemented in HttpServlet#doTrace().
Yes this is a suitable first issue.
For bonus points, fix the separate problem that the current code doesn't handle headers that appear more than once.
https://www.rfc-editor.org/rfc/rfc9110.html#name-trace
The requirement was added in RFC 7231. It is not present in RFC 2616.
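The two changes discussed in this thread, sketched as an added example that is not the project's code or the eventual fix: a TRACE body builder that omits sensitive request fields and echoes every occurrence of a repeated header. The class name `TraceEcho`, its methods and the contents of the `SENSITIVE` set are assumptions made for illustration; RFC 9110 mentions stored credentials and cookies as examples but does not give a fixed list.

```java
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

public class TraceEcho {
    // Assumption: illustrative set of fields treated as sensitive.
    // Stored lower-case because HTTP field names are case-insensitive.
    private static final Set<String> SENSITIVE =
            Set.of("authorization", "cookie", "proxy-authorization");

    static boolean isSensitive(String name) {
        return SENSITIVE.contains(name.toLowerCase(Locale.ROOT));
    }

    /**
     * Builds a message/http body echoing the request line and headers.
     * Headers arrive as one entry per occurrence, so a field sent twice
     * is echoed twice instead of collapsing to its first value.
     */
    static String buildTraceBody(String uri, String protocol,
                                 List<Map.Entry<String, String>> headers) {
        StringBuilder sb = new StringBuilder("TRACE ")
                .append(uri).append(' ').append(protocol);
        for (Map.Entry<String, String> h : headers) {
            if (isSensitive(h.getKey())) {
                continue; // never reflect credentials or cookies
            }
            sb.append("\r\n").append(h.getKey()).append(": ").append(h.getValue());
        }
        return sb.append("\r\n").toString();
    }

    public static void main(String[] args) {
        // Constructed sample headers: one repeated field, two sensitive ones.
        List<Map.Entry<String, String>> headers = List.of(
                Map.entry("Host", "example.test"),
                Map.entry("X-Forwarded-For", "192.0.2.1"),
                Map.entry("COOKIE", "JSESSIONID=constructed"),
                Map.entry("X-Forwarded-For", "198.51.100.7"),
                Map.entry("Authorization", "Basic constructed"));
        System.out.print(buildTraceBody("/app", "HTTP/1.1", headers));
    }
}
```

In a servlet the per-occurrence pairs would come from iterating `HttpServletRequest.getHeaderNames()` and, for each name, `getHeaders(name)`; `getHeader(name)` returns only the first value.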