OK, I see. Thanks for the clarification. Is there any chance to improve the error message or detect this situation? You wrote that this is a recommendation, and it worked with the old version. But the exception does not point to anything helpful for analysing this.
Best regards Wolfgang Am 20.10.24 um 11:02 schrieb Lukasz Lenart:
sob., 19 paź 2024 o 15:18 Wolfgang Knauf <wolfgang.kn...@gmx.de.invalid> napisał(a):I have a "index.jsp" and invoke an action using "s:action" tag, then render data from this action. In the browser I navigate to this jsp direcly ("http://localhost/index.jsp"; instead of browsing to ".../index.action").This is against our security recommendations and acceccing JSPs directly won't be supported because in such case all the framework guards are omitted https://struts.apache.org/security/#never-expose-jsp-files-directly Cheers Łukasz --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
--------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
