markt-asf commented on issue #233: if TRACE is not allowed skip error page for such requests URL: https://github.com/apache/tomcat/pull/233#issuecomment-573001161 The Servlet specification requires that applications are given the opportunity to handle errors. There are no exceptions to this. Further, the Servlet specification requires that the original request and response are forwarded to the error page. It is the responsibility of any application error handler to ensure that it correctly handles a forwarded request with a method other than GET. This is an application version of CVE-2017-5664 and needs to be handled in the application.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
