https://bz.apache.org/bugzilla/show_bug.cgi?id=60039
Bug ID: 60039
Summary: Provide a switch to disable sending exception
stacktrace to client
Product: Tomcat 8
Version: 8.5.x-trunk
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: saschakarc...@gmx.de
In case a servlet throws an exception which runs through to the the container
the method org.apache.catalina.valves.ErrorReportValve#report is used to send a
generic error page to the client. This generic error page contains the
exception's stacktrace which is great for debugging and development.
This does of course not happen when appropriate <error-page>s have been defined
in the web app's deployment descriptor.
But in my scenario we do have lots of webapps. Some of them specify an
error-page for HTTP Status 500, some don't. So sometimes it happens that
stacktraces are sent to the client.
>From perspective of administration the easiest possibility to avoid this would
to have a configuration option which tells the generic error page whether to
include details about the exception or instead just contains a generic error
message like "Sorry. An internal server error occurred ..."
Wouldn't it be useful to have such a configuration option?
What do you guys think?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
