[ https://issues.apache.org/jira/browse/MYFACES-3538?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dora Rajappan updated MYFACES-3538:
-----------------------------------

    Status: Patch Available  (was: Open)

> Bogus implementation of the HTTP OPTIONS method
> -----------------------------------------------
>
>                 Key: MYFACES-3538
>                 URL: https://issues.apache.org/jira/browse/MYFACES-3538
>             Project: MyFaces Core
>          Issue Type: Bug
>          Components: JSR-314
>    Affects Versions: 2.1.7
>            Reporter: Mark Struberg
>
> My colleague Christoph Ledl found the following issue in MyFaces:
> ----
> Wrong implementation of the OPTIONS method
> FacesServlet does not handle OPTIONS (and possibly other methods) correctly.
> It looks like these requests are processed like a GET, which is wrong.
> The implementation of FacesServlet.service() does not deal with methods.
> One cheap fix would be to send 405 (SC_METHOD_NOT_ALLOWED) for all unsupported methods like TRACE and OPTIONS.
> Another approach would be to extend HttpServlet (instead of implementing Servlet) and implement only required methods like GET and POST (this would leave the other methods to the default implementation).
> Citation of HttpServlet java doc:
> There's almost no reason to override the "service" method.
> Likewise, there's almost no reason to override the "doOptions" and "doTrace" methods.
> ---
> This materializes in the following Exception:
> Feb 28 17:48:13 j04 [http-8080-exec-14] ERROR log.LogFilter j04 0 43396625FA6E47DF1C03B12B60BF request done OPTIONS /events/ical.xhtml?locale=de&token=488d-1-b7da-f29fcf074 time=749.16ms cpu=610ms ex=IllegalStateException msg=null UA=Microsoft-WebDAV-MiniRedir/6.1.7601
> Feb 28 17:48:13 j04 [http-8080-exec-14] INFO log.LogFilter params: token=48b0368d-b7da-f2974 locale=de
> Feb 28 17:48:13 j04 [http-8080-exec-14] ERROR [/events].[Faces Servlet] Servlet.service() for servlet Faces Servlet threw exception
> Feb 28 17:48:13 j04 java.lang.IllegalStateException
> Feb 28 17:48:13 j04 at org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:435)
> Feb 28 17:48:13 j04 at org.apache.myfaces.context.servlet.ServletExternalContextImpl.redirect(ServletExternalContextImpl.java:465)
> Feb 28 17:48:13 j04 at org.apache.myfaces.extensions.cdi.jsf.impl.scope.conversation.DefaultWindowHandler.sendRedirect(DefaultWindowHandler.java:104)
> Feb 28 17:48:13 j04 at sun.reflect.GeneratedMethodAccessor1600.invoke(Unknown Source)
> Feb 28 17:48:13 j04 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> Feb 28 17:48:13 j04 at java.lang.reflect.Method.invoke(Method.java:597)
> Feb 28 17:48:13 j04 at org.apache.webbeans.intercept.InterceptorHandler.invoke(InterceptorHandler.java:329)
> Feb 28 17:48:13 j04 at org.apache.webbeans.intercept.NormalScopedBeanInterceptorHandler.invoke(NormalScopedBeanInterceptorHandler.java:122)
> Most times this method gets used by mobile browsers in smartphones.
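
The "cheap fix" from the report (answer 405 for every method the Faces Servlet is not meant to serve), written as a servlet filter mapped in front of the Faces Servlet so that OPTIONS and TRACE never reach the JSF lifecycle. This is an added example, not MyFaces code and not the patch attached to the issue; the class name `FacesMethodFilter` and the GET/POST allow-list are assumptions.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter (not part of MyFaces): map it to the Faces Servlet in web.xml. */
public class FacesMethodFilter implements Filter {

    // Assumption: JSF views are only ever requested with GET and POST,
    // the two methods the report names as required.
    private static final Set<String> ALLOWED = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList("GET", "POST")));
    private static final String ALLOW_HEADER = "GET, POST";

    public void init(FilterConfig config) throws ServletException { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Non-HTTP requests are passed through untouched.
        if (!(req instanceof HttpServletRequest) || !(res instanceof HttpServletResponse)) {
            chain.doFilter(req, res);
            return;
        }
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // HTTP method names are case-sensitive, so compare them exactly.
        if (ALLOWED.contains(request.getMethod())) {
            chain.doFilter(req, res);
            return;
        }
        // A 405 response must list the permitted methods in an Allow header.
        // Nothing has been written yet, so sendError cannot hit a committed response.
        response.setHeader("Allow", ALLOW_HEADER);
        response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
    }

    public void destroy() { }
}
```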