Phil Zampino created KNOX-1316:
----------------------------------
Summary: API 404 responses should not contain server details
Key: KNOX-1316
URL: https://issues.apache.org/jira/browse/KNOX-1316
Project: Apache Knox
Issue Type: Bug
Components: Server
Affects Versions: 1.0.0
Reporter: Phil Zampino
Fix For: 1.1.0
For an invalid resource request, which results in a 404 response:
{noformat}
GET /gatewayipxllql46j/manager/api/v1/topologies/my-new-desc{noformat}
Knox currently returns some server details and the request URL.
{noformat}
HTTP/1.1 404 Not Found
Date: Thu, 10 May 2018 12:16:13 GMT
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 333
Connection: close
Server: Jetty(9.2.15.v20160210)
<html><head><meta http-equiv="Content-Type"
content="text/html;charset=ISO-8859-1"/><title>Error 404
</title></head><body><h2>HTTP ERROR: 404</h2><p>Problem accessing
/gatewayipxllql46j/manager/api/v1/topologies/my-new-desc. Reason:<pre> Not
Found</pre></p><hr /><i><small>Powered by
Jetty://</small></i></body></html>{noformat}
Generic responses are preferred for security reasons, and Jetty should support
the configuration of such a generic response for these cases.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
