Error-code 405 missing in web.xml

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Error-code 405 missing in web.xml

isaac.danny.gloudemans
Hi,

We saw in the web.xml that the error code 405 is missing, this can be a problem because the response contains the Tomcat version now. Security-wise it would be better to return a customer error page, like dotCMS is doing for the 401, 403, 404,  500 and 503. There are two ways to resolve this:

1. Remove all error-page entries in the web.xml and replace this with the general error page:

    <error-page>
        <location>/html/error/custom-error-page.jsp</location>
    </error-page>

2. If dotCMS would not like to use the general error page they could add the 405:

    <error-page>
       <error-code>405</error-code>
       <location>/html/error/custom-error-page.jsp</location>
    </error-page>

Is there a reason that the 405 is missing in the web.xml?

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/d89e9bb2-4da5-4669-95e7-149b0ae89783%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Error-code 405 missing in web.xml

Falzone, Chris
Looks like it was just missed.  Please enter an issue into github for it and I am sure they'll address it as they can.

On Tue, Sep 12, 2017 at 6:51 AM <[hidden email]> wrote:
Hi,

We saw in the web.xml that the error code 405 is missing, this can be a problem because the response contains the Tomcat version now. Security-wise it would be better to return a customer error page, like dotCMS is doing for the 401, 403, 404,  500 and 503. There are two ways to resolve this:

1. Remove all error-page entries in the web.xml and replace this with the general error page:

    <error-page>
        <location>/html/error/custom-error-page.jsp</location>
    </error-page>

2. If dotCMS would not like to use the general error page they could add the 405:

    <error-page>
       <error-code>405</error-code>
       <location>/html/error/custom-error-page.jsp</location>
    </error-page>

Is there a reason that the 405 is missing in the web.xml?

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/d89e9bb2-4da5-4669-95e7-149b0ae89783%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/CAMAbHgUDeEecsMTpv59di%2B%3DbhXLWwe%2BOR_Sbpq7DjKi0kvaoyQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.