Remo Liechti created SLING-12844:
------------------------------------
Summary: Potential origins of violations to the RequestDispatcher
include API skips too many on committed responses
Key: SLING-12844
URL: https://issues.apache.org/jira/browse/SLING-12844
Project: Sling
Issue Type: Improvement
Components: Engine
Reporter: Remo Liechti
Assignee: Remo Liechti
Fix For: Engine 3.0.0, Engine 2.16.2
For some edge cases, where a response was committed already (i.e. due to
sendRedirect or send Error), misleading information is provided for content
type header change violations (see SLING-12478).
When reading [the servlet api
spec|https://download.oracle.com/otndocs/jcp/servlet-3_1-fr-eval-spec/index.html],
we can see that in 5.4 Convenience Methods, where we talk about
{{sendRedirect}} and {{{}sendError{}}}:
{noformat}
These methods will have the side effect of committing the response, if it has
not already been committed, and terminating it. No further output to the client
should be made by the servlet after these methods are called. If data is
written to the response after these methods are called, the data is
ignored.{noformat}
Right now, changes to content type header are ignored by the response
implementation and comply the servlet api. However, when it comes to detection
of a potential violation, a false positive is created. The log message shows a
violation, even when the content type header is not changed afterwards.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
