[
https://issues.apache.org/jira/browse/SLING-12845?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Remo Liechti updated SLING-12845:
---------------------------------
Description: Buffer size is not a header and therefore must not be
protected:
https://github.com/apache/sling-org-apache-sling-engine/blob/engine-2.x/src/main/java/org/apache/sling/engine/impl/SlingHttpServletResponseImpl.java#L263
(was: See related issue SLING-12697 that has weakened the checks for
committed responses to not flag cases for {{sendRedirect}} and {{sendError}}.
However, this check is not sufficient enough. In cases where the response is
committed for other reasons than sendRedirect or sendError, violations still
need to be flagged.
The check needs to distinguish the cases of sendRedirect and sendError, to not
flag a violation, but also detect committed responses for other cases, such as:
* manually committed responses that are done through code, like writing
directly to the response writer or outputstream
* responses that get committed because the buffer is full and needs to be
flushed
* any others...)
> ProtectHeadersOnInclude functionality ignores changes to the response buffer
> size
> ---------------------------------------------------------------------------------
>
> Key: SLING-12845
> URL: https://issues.apache.org/jira/browse/SLING-12845
> Project: Sling
> Issue Type: Bug
> Components: Engine
> Affects Versions: Engine 3.0.0, Engine 2.16.4
> Reporter: Remo Liechti
> Assignee: Remo Liechti
> Priority: Major
>
> Buffer size is not a header and therefore must not be protected:
> https://github.com/apache/sling-org-apache-sling-engine/blob/engine-2.x/src/main/java/org/apache/sling/engine/impl/SlingHttpServletResponseImpl.java#L263