Hi - my IT department is upset about my implementation of trac because they don't like Error 500 headers getting sent if someone attempts an XSS attack.
I've been able to strip out trac's internal error reporting by editing the templates for errors. What I can't figure out is how to force trac/ apache to suppress the error 500 header or replace it with something different (404 perhaps) I have edited my apache httpd.conf to return the 404 response text on a 500, but this doesn't affect the headers sent by trac. Any ideas? I'm on 11.b2 fwiw, though I could downgrade/sidegrade/whatever if need be. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/trac-users?hl=en -~----------~----~----~----~------~----~------~--~---
