Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Custom bad message error page


On Mon, Aug 7, 2023 at 4:49 PM Silvio Bierman
<sbierman@xxxxxxxxxxxxxxxxxx> wrote:
> Hello Simone,
> Thank you for the reply. We do not want to change the compliance, the
> error flagging is correct and desired. It is just that some potential
> user doing a pen-test on our system is objecting to the messages being
> generated. The SNI message contains "Caused by:
> org.eclipse.jetty.http.BadMessageException" which is information (Jetty)
> we are not allowed to disclose for security reasons. In general the want
> the ability to tweak all error messages generated by our application. We
> tried to offer that through the custom handler.

I'm not sure what you mean exactly by "The SNI message".
We typically don't send the exception type to the client, which should
just receive a 400.
Is it in the body of the 400?

Simone Bordet
Developer advice, training, services and support
from the Jetty & CometD experts.

Back to the top