Hi all, after troubleshoting a problem with missing headers in an app respone i'm not sure if the behaviour that i'm seeing is a bug or the expected behaviour.
My configuration is fairly simple: httpd + mod_jk -> tomcat Versions: Apache/2.4.10 mod_jk/1.2.40 Tomcat/8.0.18 (I know i'm not using current versions, no time for now to upgrade this developement server.) This said, The particular rest app when called with certain parameters replies with a status code 401 and an additional custom header carriyng an error code, like this: HTTP/1.1 401 Unauthorized Server: Apache-Coyote/1.1 X-ERR-CODE: XXXXX-N Content-Type: text/html;charset=ISO-8859-1 Content-Length: XXXXX Date: Thu, 18 May 2017 11:17:10 GMT [BODY] When passing the request through httpd / mod_jk the custom headers are dropped. When instead calling directly Tomcat we get all the reply headers. Now, we're using the "use_server_errors=400" on our context definition in uriworkermaps.properties, dropping or setting it > 401 we get the custom headers. The documentation for that parameter is (from https://tomcat.apache.org/connectors-doc/reference/printer/uriworkermap.html ): === The extension use_server_errors allows to let the web server send an error page, instead of the backend (e.g. Tomcat) error page. This is useful, if one wants to send customized error pages, but those are not part of all web applications. They can then be put onto the web server. The value of use_server_errors is a positive number. Any request send to the backend, that returns with an http status code bigger or equal to use_server_errors, will be answered to the client with the error page of the web server for this status code. === So no mention of headers, searching HTTP RFC's on 401 status code i found no indication in this case either. Searching around i found this: https://bz.apache.org/bugzilla/show_bug.cgi?id=51253 seems the header get's dropped here: /* ========================================================================= */ /* JK Service step callbacks */ /* ========================================================================= */ static int JK_METHOD ws_start_response(jk_ws_service_t *s, int status, const char *reason, const char *const *header_names, const char *const *header_values, unsigned num_of_headers) { unsigned h; apache_private_data_t *p = s->ws_private; request_rec *r = p->r; /* If we use proxy error pages, still pass * through context headers needed for special status codes. */ if (s->extension.use_server_error_pages && status >= s->extension.use_server_error_pages) { if (status == HTTP_UNAUTHORIZED) { int found = JK_FALSE; for (h = 0; h < num_of_headers; h++) { if (!strcasecmp(header_names[h], "WWW-Authenticate")) { char *tmp = apr_pstrdup(r->pool, header_values[h]); apr_table_set(r->err_headers_out, "WWW-Authenticate", tmp); found = JK_TRUE; } } if (found == JK_FALSE) { jk_server_conf_t *xconf = (jk_server_conf_t *) ap_get_module_config(r->server->module_config, &jk_module); jk_log(xconf->log, JK_LOG_INFO, "origin server sent 401 without" " WWW-Authenticate header"); } } return JK_TRUE; } [...] For how i read the code, in the 401 case you deliberately dropp all but the WWW-Authenticate header. I'm curious what's the reason behind this behaviour? --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org