ydodeja365 commented on PR #5205: URL: https://github.com/apache/hbase/pull/5205#issuecomment-1531676043
> Please provide steps on how the issue can be reproduced without your fix, so that this can be tested. I reproduced this issue by following these steps: - Enable SSL for HBase UI (in order to enable SNI check using SecureRequestCustomizer) - Send a curl request to any HBase UI endpoint explicitly providing the following host header: -H "Host: attackers.com" - Response will contain entire stack trace in old behaviour or if property is false, and will not contain stack trace if true -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@hbase.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org