Github user mike-jumper commented on a diff in the pull request: https://github.com/apache/guacamole-client/pull/252#discussion_r167104001 --- Diff: guacamole-common/src/main/java/org/apache/guacamole/servlet/GuacamoleHTTPTunnelServlet.java --- @@ -149,26 +149,23 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response) * @param response * The HTTP response to use to send the error. * - * @param guacStatus - * The status to send - * - * @param message - * A human-readable message that can be presented to the user. + * @param guacamoleException + * The exception that caused this error. * * @throws ServletException * If an error prevents sending of the error code. */ protected void sendError(HttpServletResponse response, - GuacamoleStatus guacStatus, String message) + GuacamoleException guacamoleException) throws ServletException { try { // If response not committed, send error code and message if (!response.isCommitted()) { - response.addHeader("Guacamole-Status-Code", Integer.toString(guacStatus.getGuacamoleStatusCode())); - response.addHeader("Guacamole-Error-Message", message); - response.sendError(guacStatus.getHttpStatusCode()); + response.addHeader("Guacamole-Status-Code", Integer.toString(guacamoleException.getStatus().getGuacamoleStatusCode())); + response.addHeader("Guacamole-Error-Message", guacamoleException.getMessage()); --- End diff -- The exception message should only be exposed via the `Guacamole-Error-Message` header when the exception itself deals with a client-side issue (any subclass of `GuacamoleClientException`). For other exceptions, the message should be assumed to contain internal information, and should not be forwarded along to the client. This is the reason for the difference in handling below, where "Internal server error" is explicitly substituted for the exception message if the exception is not a `GuacamoleClientException`.
---