[Bug 65901] New: HTTP 401 response for a HEAD request violates HTTP spec by including a body

2022-02-20 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65901

Bug ID: 65901
Summary: HTTP 401 response for a HEAD request violates HTTP spec by including a body
Product: Tomcat Connectors
Version: 1.2.48
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_jk
Assignee: dev@tomcat.apache.org
Reporter: ste...@mayr-stefan.de
Target Milestone: ---

Under a certain condition mod_jk seems to be responsible for returning a
request body on a HEAD request which violates the HTTP spec.

Conditions:
- the response has a HTTP 401 status code
- an ErrorDocument is defined for a 401
- the path to this ErrorDocument makes use of an Alias directive

Example configuration:

Alias /error/ "/usr/share/apache2/error/"
ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
JkMount /demo/* ajp13_worker

Debugging so far has shown that
- this issue does not exist for other status codes like 404 or 500
- the response body does not come from the Tomcat AJP connector
- the issue disappears if we either comment out the Alias or ErrorDocument directive
- if we use ;use_server_errors=401 with the JkMount Apache httpd generates the correct response
- this affects mod_jk 1.2.43, 1.2.46 and 1.2.48

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
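The report above describes a server sending a message body on a HEAD request, which HTTP forbids regardless of status code (a HEAD response may carry a Content-Length describing what GET would return, but no body bytes). The following checker is an added example, not code from the bug report or from mod_jk: it parses a raw HTTP/1.1 response captured for a HEAD request and flags any bytes after the end of the headers. The two sample responses are constructed for illustration and were not captured from mod_jk.

```python
"""Offline checker for the HEAD-with-body condition reported in bug 65901.

Added example, not part of the bug report or the mod_jk code base. Feed it the
raw bytes of a response received for a HEAD request (for example, captured with
a packet tool or read directly from a socket) and it reports whether any body
bytes followed the headers. Sample responses below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class HeadCheck:
    status: int                      # HTTP status code from the status line
    content_length: Optional[int]    # declared Content-Length, if any (allowed on HEAD)
    body_bytes: int                  # bytes actually sent after the header block
    violates_spec: bool              # True if any body bytes were sent for HEAD


def parse_response(raw: bytes) -> Tuple[int, Dict[str, str], bytes]:
    """Split a raw HTTP/1.1 response into status code, headers and trailing bytes."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response: end of headers not found")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        raise ValueError("malformed status line: %r" % lines[0])
    status = int(parts[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    return status, headers, body


def check_head_response(raw: bytes) -> HeadCheck:
    """Evaluate a response to a HEAD request.

    A non-zero Content-Length is legitimate on HEAD (it describes the GET body),
    so the only violation is the presence of actual body bytes.
    """
    status, headers, body = parse_response(raw)
    declared = headers.get("content-length")
    content_length = int(declared) if declared is not None else None
    return HeadCheck(
        status=status,
        content_length=content_length,
        body_bytes=len(body),
        violates_spec=len(body) > 0,
    )


# Constructed sample: a compliant 401 for HEAD (headers only, Content-Length
# describes the body a GET would return).
CONSTRUCTED_GOOD_401 = (
    b"HTTP/1.1 401 Unauthorized\r\n"
    b"WWW-Authenticate: Basic realm=\"demo\"\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 381\r\n"
    b"\r\n"
)

# Constructed sample: the reported failure mode, an HTML error page following
# the headers of a HEAD response.
CONSTRUCTED_BAD_401 = (
    b"HTTP/1.1 401 Unauthorized\r\n"
    b"WWW-Authenticate: Basic realm=\"demo\"\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 48\r\n"
    b"\r\n"
    b"<html><body><h1>Unauthorized</h1></body></html>\n"
)


if __name__ == "__main__":
    for label, sample in (("good", CONSTRUCTED_GOOD_401), ("bad", CONSTRUCTED_BAD_401)):
        result = check_head_response(sample)
        print(label, result)
```

Because the extra bytes are sent on a connection the client expects to close or reuse without a body, a keep-alive client that issues another request on the same connection may read the stray HTML as the start of the next response. When testing a server for this condition, read from the socket until it closes (or until a timeout) rather than stopping at the blank line, otherwise the body bytes are never observed.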



[Bug 65901] HTTP 401 response for a HEAD request violates HTTP spec by including a body

2022-02-20 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65901

--- Comment #1 from Stefan Mayr ---
Created attachment 38204
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=38204&action=edit
Attempt to fix bug 65901

Attempt to fix that issue. I'm not sure if it is complete nor if it has any
side effects.




[Bug 65895] getContextPath() might introduce a xss cross site

2022-02-20 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65895

--- Comment #2 from hawkc...@potix.com ---
Thanks for your reply.
I have checked that tomcat7-maven-plugin is 7.0.47 which doesn't include bug
57215.
