You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by GitBox <gi...@apache.org> on 2020/01/10 11:35:08 UTC

[GitHub] [tomcat] markt-asf commented on issue #233: if TRACE is not allowed skip error page for such requests

markt-asf commented on issue #233: if TRACE is not allowed skip error page for such requests
URL: https://github.com/apache/tomcat/pull/233#issuecomment-573001161
 
 
   The Servlet specification requires that applications are given the opportunity to handle errors. There are no exceptions to this. Further, the Servlet specification requires that the original request and response are forwarded to the error page.
   It is the responsibility of any application error handler to ensure that it correctly handles a forwarded request with a method other than GET.
   This is an application version of CVE-2017-5664 and needs to be handled in the application.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org