You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Operating System (Ubuntu 15.10 / MacOS 10.10 / Windows 10)
Ubuntu
JDK (Oracle 1.8.0_72, OpenJDK 1.8.x, Azul Zing)
Paste the output from java -version at the command line.
Expected Behavior
If the application returns a 404, 500 or other error code, I'd expect any changes to the response to still apply.
For example setting of security headers such as X-Frame-Options, or Content-Security-Policy.
Actual Behavior
When returning a 404 or 500 (and other errors), the resulting response is a 'new response' created within play.server.PlayHandler#serve404 which does not contain any headers.
This means that if you have a Play Plugin which is designed to add security headers, those headers are not present on error responses.
The text was updated successfully, but these errors were encountered:
Play Version 1.5.x - 1.7.x
Operating System (Ubuntu 15.10 / MacOS 10.10 / Windows 10)
Ubuntu
JDK (Oracle 1.8.0_72, OpenJDK 1.8.x, Azul Zing)
Paste the output from
java -versionat the command line.Expected Behavior
If the application returns a 404, 500 or other error code, I'd expect any changes to the response to still apply.
For example setting of security headers such as X-Frame-Options, or Content-Security-Policy.
Actual Behavior
When returning a 404 or 500 (and other errors), the resulting response is a 'new response' created within
play.server.PlayHandler#serve404which does not contain any headers.This means that if you have a Play Plugin which is designed to add security headers, those headers are not present on error responses.
The text was updated successfully, but these errors were encountered: