Thanks JB, here it is: https://issues.apache.org/jira/browse/AMQ-9503
Colm. On Fri, May 17, 2024 at 5:22 PM Jean-Baptiste Onofré <j...@nanthrax.net> wrote: > > Hi Colm > > Let me check but I don't think so. > > Can you please create a Jira ? I will fix that. > > Thanks ! > Regards > JB > > On Fri, May 17, 2024 at 12:39 PM Colm O hEigeartaigh > <cohei...@apache.org> wrote: > > > > Hi, > > > > Is there a way to disable stack traces being returned with the HTTP > > Transport. Using 5.18.x I configure AMQ with <transportConnector > > name="http" uri="http://localhost:12345"/ > > > > Then with curl if I post some XML data I get: > > > > <html> > > <head> > > <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/> > > <title>Error 500 > > com.thoughtworks.xstream.security.ForbiddenClassException: > > jdk.nashorn.internal.objects.NativeString</title> > > </head> > > <body><h2>HTTP ERROR 500 > > com.thoughtworks.xstream.security.ForbiddenClassException: > > jdk.nashorn.internal.objects.NativeString</h2> > > <table> > > <tr><th>URI:</th><td>/</td></tr> > > <tr><th>STATUS:</th><td>500</td></tr> > > <tr><th>MESSAGE:</th><td>com.thoughtworks.xstream.security.ForbiddenClassException: > > jdk.nashorn.internal.objects.NativeString</td></tr> > > <tr><th>SERVLET:</th><td>org.apache.activemq.transport.http.HttpTunnelServlet-1fdca564</td></tr> > > <tr><th>CAUSED > > BY:</th><td>com.thoughtworks.xstream.security.ForbiddenClassException: > > jdk.nashorn.internal.objects.NativeString</td></tr> > > </table> > > <h3>Caused > > by:</h3><pre>com.thoughtworks.xstream.security.ForbiddenClassException: > > jdk.nashorn.internal.objects.NativeString > > at > > com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26) > > > > etc. > > > > It's a bad practice from a security point of view to return detailed > > error messages to clients. I didn't see an obvious way of turning this > > off though. > > > > Colm.
