Anonymous | Login | Signup for a new account | 12-17-2024 10:45 PST |
Main | My View | View Issues | Change Log | Docs |
Viewing Issue Advanced Details [ Jump to Notes ] | [ View Simple ] [ Issue History ] [ Print ] | ||||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
0006076 | [Resin] | minor | always | 07-27-17 09:40 | 11-21-17 09:42 | ||||
Reporter | stbu | View Status | public | ||||||
Assigned To | ferg | ||||||||
Priority | normal | Resolution | fixed | Platform | |||||
Status | closed | OS | |||||||
Projection | none | OS Version | |||||||
ETA | none | Fixed in Version | 4.0.54 | Product Version | 4.0.53 | ||||
Product Build | |||||||||
Summary | 0006076: Configuration of <error-page> for 400 Bad Request not working: Shows "unavailable due to ***an internal error***" | ||||||||
Description |
When <development-mode-error-page> is not enabled (as recommended on production systems) to hide stack trace information we are able to specify our own error pages such as for 404 Not Found errors for example with a Sitemap or for 500 errors, we can still show Users a page in the style of our App with contact details to open a ticket (for example). We would like to configure this also for 400 Bad Request which we see quite frequently in the logfiles. <error-page> <error-code>400</error-code> <location>/bad-request.jsp</location> </error-page> I have found Bug 0003008 where something similar was reported. My concern is that a request leading to a 400 Bad Request will be displayed quite ugly when <development-mode-error-page> is not enabled: <..> Server Error The server is temporarily unavailable due to an internal error. Please notify the system administrator of this problem. <..> It's a little bit better with "The request contains an illegal URL." when <development-mode-error-page> is enabled (dev_mode : true). ==> Would it be possible that Resin is using the error-page location when it is configured like this? <error-page> <error-code>400</error-code> <location>/bad-request.jsp</location> </error-page> BTW: For me the easiest way to get a 400 Bad Request (just for testing purposes) is to use ".." in front of any real file such as: http://caucho.com/resin-4.0/changes/..changes.xtp [^] |
||||||||
Steps To Reproduce | |||||||||
Additional Information | |||||||||
Attached Files | |||||||||
|
Notes | |
(0006781) ferg 08-14-17 15:22 |
server/1q51 Note: the error-page must be in the root web-app because the invalid URL detection is before web-app dispatch. |
Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
31 total queries executed. 27 unique queries executed. |