cocoon-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From anathan...@apache.org
Subject svn commit: r219901 - in /cocoon/branches/BRANCH_2_1_X: src/java/org/apache/cocoon/servlet/CocoonServlet.java src/webapp/WEB-INF/web.xml status.xml
Date Wed, 20 Jul 2005 14:03:37 GMT
Author: anathaniel
Date: Wed Jul 20 07:03:36 2005
New Revision: 219901

URL: http://svn.apache.org/viewcvs?rev=219901&view=rev
Log:
Added parameter "show-cocoon-version" to web.xml for configuring whether X-Cocoon-Version
response header should be sent.  Default is true.

Bugzilla #33388

Modified:
    cocoon/branches/BRANCH_2_1_X/src/java/org/apache/cocoon/servlet/CocoonServlet.java
    cocoon/branches/BRANCH_2_1_X/src/webapp/WEB-INF/web.xml
    cocoon/branches/BRANCH_2_1_X/status.xml

Modified: cocoon/branches/BRANCH_2_1_X/src/java/org/apache/cocoon/servlet/CocoonServlet.java
URL: http://svn.apache.org/viewcvs/cocoon/branches/BRANCH_2_1_X/src/java/org/apache/cocoon/servlet/CocoonServlet.java?rev=219901&r1=219900&r2=219901&view=diff
==============================================================================
--- cocoon/branches/BRANCH_2_1_X/src/java/org/apache/cocoon/servlet/CocoonServlet.java (original)
+++ cocoon/branches/BRANCH_2_1_X/src/java/org/apache/cocoon/servlet/CocoonServlet.java Wed
Jul 20 07:03:36 2005
@@ -165,6 +165,8 @@
      */
     protected boolean hiddenShowTime;
 
+    /** Flag to enable/disable X-Cocoon-Version header */
+    private boolean showCocoonVersion;
 
     /**
      * Default value for {@link #enableUploads} parameter (false)
@@ -468,6 +470,8 @@
             }
         }
 
+        this.showCocoonVersion = getInitParameterAsBoolean("show-cocoon-version", true);
+
         parentComponentManagerClass = getInitParameter("parent-component-manager", null);
         if (parentComponentManagerClass != null) {
             int dividerPos = parentComponentManagerClass.indexOf('/');
@@ -1035,7 +1039,9 @@
         stopWatch.start();
 
         // add the cocoon header timestamp
-        res.addHeader("X-Cocoon-Version", Constants.VERSION);
+        if (this.showCocoonVersion) {
+            res.addHeader("X-Cocoon-Version", Constants.VERSION);
+        }
 
         // get the request (wrapped if contains multipart-form data)
         HttpServletRequest request;

Modified: cocoon/branches/BRANCH_2_1_X/src/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewcvs/cocoon/branches/BRANCH_2_1_X/src/webapp/WEB-INF/web.xml?rev=219901&r1=219900&r2=219901&view=diff
==============================================================================
--- cocoon/branches/BRANCH_2_1_X/src/webapp/WEB-INF/web.xml (original)
+++ cocoon/branches/BRANCH_2_1_X/src/webapp/WEB-INF/web.xml Wed Jul 20 07:03:36 2005
@@ -322,6 +322,18 @@
     -->
 
     <!--
+      Whether or not the X-Cocoon-Version response header will be included.
+      This is true by default, but there may be some circumstances when it
+      is not desired (e.g. "information hiding" for added security, or if
+      using jsp:include with Cocoon-generated pages produces a "response is
+      already committed" error).
+    -->
+    <init-param>
+      <param-name>show-cocoon-version</param-name>
+      <param-value>true</param-value>
+    </init-param>
+
+    <!--
        If true or not set, this class will try to catch and handle all Cocoon
        exceptions. If false, it will rethrow them to the servlet container.
     -->

Modified: cocoon/branches/BRANCH_2_1_X/status.xml
URL: http://svn.apache.org/viewcvs/cocoon/branches/BRANCH_2_1_X/status.xml?rev=219901&r1=219900&r2=219901&view=diff
==============================================================================
--- cocoon/branches/BRANCH_2_1_X/status.xml (original)
+++ cocoon/branches/BRANCH_2_1_X/status.xml Wed Jul 20 07:03:36 2005
@@ -196,6 +196,12 @@
 
   <changes>
   <release version="@version@" date="@date@">
+    <action dev="AN" type="add" fixes-bug="33388" due-to="Andrew Stevens" due-to-email="ats37@hotmail.com">
+      Added parameter "show-cocoon-version" to web.xml for configuring whether X-Cocoon-Version
+      response header should be sent.  Default is true.
+      In a security paranoid environment you may want to set it to false in order to hide
from
+      the outside world which Cocoon version you are running.
+    </action>
     <action dev="AN" type="add" fixes-bug="35228" due-to="Jochen Kuhnle" due-to-email="werbung@kuhnle.net">
       XSP block: Added short-cut notation {#expr} for interpolation of
       XSP expressions in attribute values and text nodes.



Mime
View raw message