[
https://issues.apache.org/jira/browse/SLING-12697?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Remo Liechti updated SLING-12697:
---------------------------------
Fix Version/s: Engine 3.0.0
> Potential origins of violations to the RequestDispatcher include API provides
> creates false positives on a committed response
> -----------------------------------------------------------------------------------------------------------------------------
>
> Key: SLING-12697
> URL: https://issues.apache.org/jira/browse/SLING-12697
> Project: Sling
> Issue Type: Improvement
> Components: Engine
> Reporter: Remo Liechti
> Assignee: Remo Liechti
> Priority: Minor
> Fix For: Engine 3.0.0, Engine 2.16.2
>
>
> For some edge cases, where a response was committed already (i.e. due to
> sendRedirect or send Error), misleading information is provided for content
> type header change violations (see SLING-12478).
> When reading [the servlet api
> spec|https://download.oracle.com/otndocs/jcp/servlet-3_1-fr-eval-spec/index.html],
> we can see that in 5.4 Convenience Methods, where we talk about
> {{sendRedirect}} and {{{}sendError{}}}:
> {noformat}
> These methods will have the side effect of committing the response, if it has
> not already been committed, and terminating it. No further output to the
> client should be made by the servlet after these methods are called. If data
> is written to the response after these methods are called, the data is
> ignored.{noformat}
> Right now, changes to content type header are ignored by the response
> implementation and comply the servlet api. However, when it comes to
> detection of a potential violation, a false positive is created. The log
> message shows a violation, even when the content type header is not changed
> afterwards.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
