[Zope3-dev] X-zope-handle-errors header

Chris Withers chris at simplistix.co.uk
Thu Jan 19 13:36:56 EST 2006


Stephan Richter wrote:
> On Thursday 01 December 2005 09:28, Chris Withers wrote:
> 
>>Do we want Zope to always respond to this header?
>>Yes, it's helpful for testing, but surely it risks information
>>disclosure vulnerabilities or worse if used on a production application?
> 
> The user would receive no useful information, since he would only get a 
> SystemError page that contains null information.

Sorry, I'm obviously misunderstand how this header works..

What does setting this header actually do?

cheers,

Chris

-- 
Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk



More information about the Zope3-dev mailing list