发表新帖
发表新帖

Disable all default HTTP error response content in Tomcat

后端 未结
关注
8 1405
感情败类
感情败类 2020-11-30 22:20

By default, Tomcat sends some HTML content back to the client if it encounters something like an HTTP 404. I know that via web.xml an

8条回答
  • 没有蜡笔的小新
    没有蜡笔的小新 (楼主)
    2020-11-30 22:43

    Although it's Servlet spec compliant, for security reasons I don't want tomcat or any other Servlet container to send error details. I struggled with this as well a bit. After searching and trying, the solution can be summed up as:

    1. as others mentioned, don't use sendError(), use setStatus() instead
    2. frameworks like e.g. Spring Security use sendError() though...
    3. write a Filter that
      a. redirects calls to sendError() to setStatus()
      b. flushes the response at the end to prevent the container from further modifying the response

    A little example servlet filter doing this can be found here.

    0 讨论(0)
 看不清?
提交回复
热议问题