tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Luehe <Jan.Lu...@Sun.COM>
Subject Re: cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet JspServlet.java
Date Tue, 22 Jul 2003 01:36:37 GMT
>>   +
>>   +        /*
>>   +         * Add X-Powered-By header for JSP, if Catalina already 
>> added a
>>   +         * corresponding header for servlets
>>   +         */
>>   +        if (response.containsHeader("X-Powered-By")) {
>>   +        response.addHeader("X-Powered-By", "JSP/2.0");
>>   +        }
>>   +
> 
> 
> This is a pretty bad implementation IMO.
> What's the use of disabling this feature ?

The spec declares these headers as optional, which means Tomcat should 
make them configurable. Some sites may prefer not to include this 
information in their responses, for security reasons or whatever.

> -1 on the various flags and checks (just add the headers, without flags 
> and complexity). -0 if you can indicate a good reason for this.
> Also, you shouldn't add the JSP 2.0 header in JspServlet. If you 
> precompile, it's not called. Put it in HttpJspBase.

I had thought about adding the JSP 2.0 header in HttpJspBase, but then 
realized that the "extends" page directive allows you to specify the 
class that the generated servlet should extend, in which case 
HttpJspBase will be out of the picture. Do you have a better idea?


Jan



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message