https://bz.apache.org/bugzilla/show_bug.cgi?id=63905
--- Comment #19 from Christopher Schultz ---
(In reply to Michael Osipov from comment #18)
> (In reply to Christopher Schultz from comment #17)
> > (In reply to Michael Osipov from comment #15)
> > > (In reply to Christopher Schultz from
https://bz.apache.org/bugzilla/show_bug.cgi?id=63905
--- Comment #18 from Michael Osipov ---
(In reply to Christopher Schultz from comment #17)
> (In reply to Michael Osipov from comment #15)
> > (In reply to Christopher Schultz from comment #14)
> > > This should all really be replaced by
https://bz.apache.org/bugzilla/show_bug.cgi?id=63905
--- Comment #17 from Christopher Schultz ---
(In reply to Michael Osipov from comment #15)
> (In reply to Christopher Schultz from comment #14)
> > This should all really be replaced by external stylesheets, for a few
> > reasons:
> >
> > 1.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63905
Michael Osipov changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bz.apache.org/bugzilla/show_bug.cgi?id=63905
--- Comment #15 from Michael Osipov ---
(In reply to Christopher Schultz from comment #14)
> (In reply to Michael Osipov from comment #13)
> > I don't see how "securing the ErrorReportValve" is related to the served
> > CSS.
>
> It's a
https://bz.apache.org/bugzilla/show_bug.cgi?id=63905
--- Comment #14 from Christopher Schultz ---
(In reply to Michael Osipov from comment #13)
> I don't see how "securing the ErrorReportValve" is related to the served CSS.
It's a *thin* argument related to fingerprinting the server's version.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63905
--- Comment #13 from Michael Osipov ---
I don't see how "securing the ErrorReportValve" is related to the served CSS.
However, I have found a few more nits I am going through locally now where the
CSS will now cleanly apply to the
https://bz.apache.org/bugzilla/show_bug.cgi?id=63905
--- Comment #12 from Mark Thomas ---
Probably not. The argument against it was made in bug 56383. I'm not convinced.
--
You are receiving this mail because:
You are the assignee for the bug.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63905
--- Comment #11 from Remy Maucherat ---
(In reply to Christopher Schultz from comment #10)
> CSS is not a requirement for a valid HTML document. There is no conflict
> between removing CSS entirely and returning a valid HTML document along
https://bz.apache.org/bugzilla/show_bug.cgi?id=63905
--- Comment #10 from Christopher Schultz ---
(In reply to Michael Osipov from comment #6)
> (In reply to Christopher Schultz from comment #4)
> > Or we could just drop the CSS because... who cares? If the response entity
> > is >
https://bz.apache.org/bugzilla/show_bug.cgi?id=63905
--- Comment #9 from Michael Osipov ---
I have uploaded a branch for this, changelog edit is pending. Please have a
look. It works for me in Firefox and Edge for the Valve and the DefaultServlet
with listing on.
--
You are receiving this mail
https://bz.apache.org/bugzilla/show_bug.cgi?id=63905
--- Comment #8 from Remy Maucherat ---
(In reply to Mark Thomas from comment #2)
> I have a preference for fixing the docs but am happy to support any
> reasonable solution that means the behaviour and the docs are consistent.
+1 for fixing
https://bz.apache.org/bugzilla/show_bug.cgi?id=63905
--- Comment #7 from Michael Osipov ---
Please also note that TomcatCSS.TOMCAT_CSS is also used in the DefaultServlet.
We either split with common parts or we stay on one and may server rules which
do not apply to the error report. I would
https://bz.apache.org/bugzilla/show_bug.cgi?id=63905
--- Comment #6 from Michael Osipov ---
(In reply to Christopher Schultz from comment #4)
> Or we could just drop the CSS because... who cares? If the response entity
> is lang="??">ErrorError html> then it's fine. No styling is necessary for
https://bz.apache.org/bugzilla/show_bug.cgi?id=63905
--- Comment #5 from Mark Thomas ---
(In reply to Michael Osipov from comment #3)
> (In reply to Mark Thomas from comment #2)
> > For the record:
> >
> > The CSS was removed when showServerInfo and showReport are both false for
> > debatable
https://bz.apache.org/bugzilla/show_bug.cgi?id=63905
--- Comment #4 from Christopher Schultz ---
Or we could just drop the CSS because... who cares? If the response entity is
ErrorError
then it's fine. No styling is necessary for such a minimal page.
--
You are receiving this mail because:
You
https://bz.apache.org/bugzilla/show_bug.cgi?id=63905
--- Comment #3 from Michael Osipov ---
(In reply to Mark Thomas from comment #2)
> For the record:
>
> The CSS was removed when showServerInfo and showReport are both false for
> debatable security reasons as part of bug 58383.
Are you
https://bz.apache.org/bugzilla/show_bug.cgi?id=63905
--- Comment #2 from Mark Thomas ---
For the record:
The CSS was removed when showServerInfo and showReport are both false for
debatable security reasons as part of bug 58383.
The CSS was restored in all cases as part of bug 60490.
I have a
https://bz.apache.org/bugzilla/show_bug.cgi?id=63905
Michael Osipov changed:
What|Removed |Added
CC||micha...@apache.org
--- Comment #1
https://bz.apache.org/bugzilla/show_bug.cgi?id=63905
Christopher Schultz changed:
What|Removed |Added
Keywords||Beginner
--
You are receiving
20 matches
Mail list logo