Feature #553

Disable HEAD requests by default and add option to enable them

Added by Chad Trabant over 7 years ago. Updated over 7 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:


Currently the WSS (due to Jersey) accepts HTTP HEAD requests and performs the corresponding GET request but does not transmit the entity-body. This means the handler is executed but the data from the handler is not consumed, leaving the handler without a way to send the data and probably hanging (definitely hanging in the case of the DMC's handler).

Two concrete actions:

a) Change WSS to (by default) reject HEAD requests with an HTTP 403 (Forbidden) response.

b) Add a config option of headEnabled that takes true or false for enabling HEAD requests, when enabled the WSS will add an --HEAD argument for command line handlers. (this is analogous to the addition of --STDIN when the request is a POST and the postEnabled option is true).

One extra action:

Somehow the handler is left running even though the WSS (presumably) closes the connection (from the client perspective the connection is definitely closed). We should make sure the WSS kills any handler processes whenever the connection is closed.


#1 Updated by Mike Stults over 7 years ago

For HEAD request, webserviceshell will now do preliminary parameter validation only and return a respective HTTP status, a 200 if parameters are valid. No handling process will be started. It was determined that there was no need to make this optional, this is now standard behavior.

This is released in 1.1.7

#2 Updated by Chad Trabant over 7 years ago

  • Resolution set to Fixed
  • Target version set to 1.1.7
  • Status changed from New to Closed

Fixed in 1.1.7 already released.

Also available in: Atom PDF