[
https://issues.apache.org/jira/browse/SLING-12958?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Remo Liechti updated SLING-12958:
---------------------------------
Description:
According to the [servlet api
specification|https://jakarta.ee/specifications/servlet/6.0/jakarta-servlet-spec-6.0#the-include-method],
the include servlet:
{noformat}
cannot set headers or call any method that affects the headers of the
response{noformat}
This means that methods like sendError() and sendRedirect() are not allowed to
be used during an include. Those methods change the status and commit the
response, which both are headers being changed. As well as resetting the
response, which changes headers like content type back to null.
Instead, those methods must throw IOExceptions for non-404, and for 404
{noformat}
RequestDispatch.include() and the requested resource does not exist, then the
default servlet MUST throw FileNotFoundException{noformat}
This will also improve the content header change violation reporting for cases
where the error handling 404.jsp is called and sets the header to text/html;
with the current implementation, a violation will be triggered: "404.jsp tried
to change the content type header from null to text/html"
was:
According to the [servlet api
specification|https://jakarta.ee/specifications/servlet/6.0/jakarta-servlet-spec-6.0#the-include-method],
the include servlet:
{noformat}
It cannot set headers or call any method that affects the headers of the
response{noformat}
This means that methods like sendError() and sendRedirect() are not allowed to
be used during an include. Those methods change the status and commit the
response, which both are headers being changed. As well as resetting the
response, which changes headers like content type back to null.
Instead, those methods must throw IOExceptions for non-404, and for 404
{noformat}
RequestDispatch.include() and the requested resource does not exist, then the
default servlet MUST throw FileNotFoundException{noformat}
This will also improve the content header change violation reporting for cases
where the error handling 404.jsp is called and sets the header to text/html;
with the current implementation, a violation will be triggered: "404.jsp tried
to change the content type header from null to text/html"
> sendError() must not be allowed during include
> ----------------------------------------------
>
> Key: SLING-12958
> URL: https://issues.apache.org/jira/browse/SLING-12958
> Project: Sling
> Issue Type: Bug
> Components: Engine
> Affects Versions: Engine 3.0.0, Engine 2.16.6
> Reporter: Remo Liechti
> Assignee: Carsten Ziegeler
> Priority: Major
>
> According to the [servlet api
> specification|https://jakarta.ee/specifications/servlet/6.0/jakarta-servlet-spec-6.0#the-include-method],
> the include servlet:
> {noformat}
> cannot set headers or call any method that affects the headers of the
> response{noformat}
> This means that methods like sendError() and sendRedirect() are not allowed
> to be used during an include. Those methods change the status and commit the
> response, which both are headers being changed. As well as resetting the
> response, which changes headers like content type back to null.
>
> Instead, those methods must throw IOExceptions for non-404, and for 404
>
> {noformat}
> RequestDispatch.include() and the requested resource does not exist, then the
> default servlet MUST throw FileNotFoundException{noformat}
> This will also improve the content header change violation reporting for
> cases where the error handling 404.jsp is called and sets the header to
> text/html; with the current implementation, a violation will be triggered:
> "404.jsp tried to change the content type header from null to text/html"
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
