On 12/19/2002 at 4:02 PM Martin Algesten wrote: >The problem with this bug is that there are people here who don't agree >it is a bug... which is just plain ignorant and stupid... THIS IS A >BUG....IT NEEDS FIXING!
Thank you - now I at least know that other people have observed this behavior and I'm not merely on crack. Now it remains to show that the behavior is incorrect. The 2.3 servlet specification doesn't explicitly state that the status code attached to a response handled by an error-page element should be the original status code... (Perhaps I should write to the servlet spec group working on 2.4 to suggest making this explicit?) However, common sense and the HTTP specification both suggest that it would be the right thing to do. If you send a 200 instead of a 404 status code along with an html page which says the given resource was not found, search engines, proxy servers, et. al. will not understand that the resource is missing. Hmm. Digging around in the 2.3 spec more deeply, I note the description of HttpServletResponse.sendError reads: "Sends an error response to the client using the specified status clearing the buffer. The server defaults to creating the response to look like an HTML-formatted server error page containing the specified message, setting the content type to "text/html", leaving cookies and other headers unmodified. If an error-page declaration has been made for the web application corresponding to the status code passed in, it will be served back in preference to the suggested msg parameter." The first sentence clearly states that the response sent to the client must use the specified status code, regardless of whether the content body is generated by the server automatically or is read from an error-page location. >I've tried get this one sorted as well... however, either someone will >tell you they don't agree it is a bug and/or they will just ignore you >until you go away. I can't accept that. If it's a bug, if it doesn't implement the servlet or HTTP specifications properly, it should be fixed. Apache software has always been about correctness, security, and speed, in that order. - donald -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
