Carsten Ziegeler created SLING-11702:
----------------------------------------
Summary: Prevent wrong handling of error handlers
Key: SLING-11702
URL: https://issues.apache.org/jira/browse/SLING-11702
Project: Sling
Issue Type: Improvement
Components: Engine, Servlets
Reporter: Carsten Ziegeler
Assignee: Carsten Ziegeler
Fix For: Engine 2.13.0, Servlets Resolver 2.10.0
As documented in
https://sling.apache.org/documentation/the-sling-engine/errorhandling.html#resetting-the-response
when implementing a customer error handler it is up to the implementation to
check whether a response is committed, and to reset the response. If this is
not done by the error handler this can result in wrong responses back to the
client.
We can make it easier for error handlers, by checking whether the response is
already committed and only invoke the error handler if not. And in that case
first reset the response. This avoids to rely on the implementor of the error
handler doing the right thing but will also not break existing error handlers.
In addition, we should only invoke error handlers if the current response is
not an include - in the case of an include the exception should be propagated
up the call chain. According to the servlet spec includes are not allowed to
set headers or reset the response.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
