On Feb 5, 2009, at 1:28 PM, Caldarale, Charles R wrote:
From: Dave Pawson [mailto:[email protected]]
Subject: TC6 ${CATALINA_HOME}/conf/web.xml Is this the place
to constrain the mime type?
I want to 'reject' (if that's the right word) any http get
with mime type != application/xml
The client doesn't send the mime-type it is requesting. It sends some
set of types it is willing to accept. For example:
accept=text/html,application/xhtml+xml,application/xml
Why not just always send XML? or if they don't have an accept entry
for application/xml the send and error with status code 406:
"406 Not Acceptable
The resource identified by the request is only capable of generating
response entities which have content characteristics not acceptable
according to the accept headers sent in the request.
Unless it was a HEAD request, the response SHOULD include an entity
containing a list of available entity characteristics and location(s)
from which the user or user agent can choose the one most appropriate.
The entity format is specified by the media type given in the Content-
Type header field. Depending upon the format and the capabilities of
the user agent, selection of the most appropriate choice MAY be
performed automatically. However, this specification does not define
any standard for such automatic selection.
Note: HTTP/1.1 servers are allowed to return responses which are
not acceptable according to the accept headers sent in the
request. In some cases, this may even be preferable to sending a
406 response. User agents are encouraged to inspect the headers
of
an incoming response to determine if it is acceptable.
If the response could be unacceptable, a user agent SHOULD temporarily
stop receipt of more data and query the user for a decision on further
actions."
best,
-Rob
Do you mean .html and .jsp are not valid? That might make life
interesting. It will be difficult to stop clients from accepting at
least text/html in addition to application/xml.
I see in web.xml in the conf directory
<mime-mapping>
<extension>xml</extension>
<mime-type>application/xml</mime-type>
</mime-mapping>
Is this the right place to do it please?
No - that would pretty much certainly break things. Also, AFAIK,
that's only used for responses, so that the container can set the
mime type properly for whatever resource is being returned.
You probably need to do this in a filter that will see the request
before your servlets do.
- Chuck
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
