Hi Colm Let me check but I don't think so.
Can you please create a Jira ? I will fix that. Thanks ! Regards JB On Fri, May 17, 2024 at 12:39 PM Colm O hEigeartaigh <cohei...@apache.org> wrote: > > Hi, > > Is there a way to disable stack traces being returned with the HTTP > Transport. Using 5.18.x I configure AMQ with <transportConnector > name="http" uri="http://localhost:12345"/ > > Then with curl if I post some XML data I get: > > <html> > <head> > <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/> > <title>Error 500 > com.thoughtworks.xstream.security.ForbiddenClassException: > jdk.nashorn.internal.objects.NativeString</title> > </head> > <body><h2>HTTP ERROR 500 > com.thoughtworks.xstream.security.ForbiddenClassException: > jdk.nashorn.internal.objects.NativeString</h2> > <table> > <tr><th>URI:</th><td>/</td></tr> > <tr><th>STATUS:</th><td>500</td></tr> > <tr><th>MESSAGE:</th><td>com.thoughtworks.xstream.security.ForbiddenClassException: > jdk.nashorn.internal.objects.NativeString</td></tr> > <tr><th>SERVLET:</th><td>org.apache.activemq.transport.http.HttpTunnelServlet-1fdca564</td></tr> > <tr><th>CAUSED > BY:</th><td>com.thoughtworks.xstream.security.ForbiddenClassException: > jdk.nashorn.internal.objects.NativeString</td></tr> > </table> > <h3>Caused > by:</h3><pre>com.thoughtworks.xstream.security.ForbiddenClassException: > jdk.nashorn.internal.objects.NativeString > at > com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26) > > etc. > > It's a bad practice from a security point of view to return detailed > error messages to clients. I didn't see an obvious way of turning this > off though. > > Colm.
