Forum:Server Question - HTTP Trace Supported?

I'm trying to emulate the W3Schools TryIt Editor via JavaScript. Being somewhat informed of XSS vulnerabilities, I Googled around and found that a server's support for HTTP Trace requests is a definite weakness in the idea (although dependent on the presence of some other weakness in the system). (See the last link for a description of the vulnerability.)

My question is this: Does the Wikia server(s) support HTTP Trace requests?

My implementation can be found at c:Javascript:Template:Editor/global.js.

Thanks for your time. --Jesdisciple (talk) 19:48, 30 September 2008 (UTC)


 * Yes, Wikia servers support HTTP TRACE:

TRACE / HTTP/1.1 Host: www.wikia.com Cookie: testcookie=value

HTTP/1.0 200 OK Date: Sun, 05 Oct 2008 09:20:13 GMT Server: Apache Content-Type: message/http X-Cache: MISS from www.wikia.com X-Cache-Lookup: NONE from www.wikia.com:80 X-Cache: MISS from www.wikia.com X-Cache-Lookup: NONE from www.wikia.com:80 Via: 1.0 cache1.sjc.wikia-inc.com:80 (squid/2.6.STABLE18), 1.0 cache2-carp.sjc.wikia-inc.com:80 (squid/2.6.STABLE16) Connection: close

TRACE / HTTP/1.0 Host: www.wikia.com Cookie: testcookie=value Via: 1.1 cache2-carp.sjc.wikia-inc.com:80 (squid/2.6.STABLE16), 1.0 cache1.sjc.wikia-inc.com:80 (squid/2.6.STABLE18) X-Forwarded-For: 213.98.218.227, 216.224.121.144 Connection: keep-alive --Ciencia Al Poder (talk) -WikiDex 09:34, 5 October 2008 (UTC)