tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: "exception-message" header reveals path to document root in 404 response.
Date Sat, 11 Jan 2014 14:25:18 GMT

August,

On 1/10/14, 7:48 PM, August Kleimo wrote:
> Hi All,  Thanks for all your replies.  Turns out it was in fact
> Railo.  I searched the Railo repo on GitHub and found a reference
> to that header.  I was able to overwrite it with a blank string
> using this line of code.
> 
> <cfset getPageContext().getResponse().setHeader("exception-message","")>

There's a better option for you that will be less fragile: write a
Filter that wraps your response with a HttpServletResponse which
ignores all attempts to set the "exception-message" header.

This is better than your approach because it will prevent the header
from ever being set rather than going back to fix it up. It will even
work in cases where the header has been set and the response has been
committed to the client before your fix-up code runs.

-chris
