Hi, On Mon, Aug 7, 2023 at 4:49 PM Silvio Bierman <sbier...@jambo-software.com> wrote: > > Hello Simone, > > Thank you for the reply. We do not want to change the compliance, the > error flagging is correct and desired. It is just that some potential > user doing a pen-test on our system is objecting to the messages being > generated. The SNI message contains "Caused by: > org.eclipse.jetty.http.BadMessageException" which is information (Jetty) > we are not allowed to disclose for security reasons. In general the want > the ability to tweak all error messages generated by our application. We > tried to offer that through the custom handler.
I'm not sure what you mean exactly by "The SNI message". We typically don't send the exception type to the client, which should just receive a 400. Is it in the body of the 400? Simone Bordet ---- http://cometd.org http://webtide.com Developer advice, training, services and support from the Jetty & CometD experts. _______________________________________________ jetty-users mailing list jetty-users@eclipse.org To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
