Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-790: DefaultLoginPageGeneratingFilter should be a better HTTP citizen #1051

Closed
spring-issuemaster opened this issue Apr 21, 2008 · 2 comments

Comments

@spring-issuemaster
Copy link

commented Apr 21, 2008

Espen Wiborg(Migrated from SEC-790) said:

DefaultLoginPageGeneratingFilter in 2.0.0 does not set content-type, character encoding or content-length when generating the response. This can lead to incorrect behavior (e.g. content-type set to text/plain) when using an overzealous proxy (yes, Apache, I’m looking at you).

Attached is a patch to have the filter set content-type to text/html; charset=UTF-8, and content-length to the length of the response.

@spring-issuemaster

This comment has been minimized.

Copy link
Author

commented Apr 22, 2008

Luke Taylor said:

Thanks for the patch. DefaultLoginPageGeneratingFilter is only really expected to be used to allow you to get up and running without the hassle of dealing with JSPs or other view technologies. I didn’t expect people to really use it in production (or behing apache proxies). But who knows :).

@spring-issuemaster

This comment has been minimized.

Copy link
Author

commented Apr 22, 2008

Luke Taylor said:

I’ve applied the patch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.