Merge pull request #1 from bdoyal/pixeebot/drip-2024-03-25-codeql-jav…

…a/stack-trace-exposure Prevent information leak of stack trace details to HTTP responses (CodeQL)
bdoyal · Mar 25, 2024 · 25c2e15 · 25c2e15
2 parents 817afc7 + fcc0f5f
commit 25c2e15
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/main/java/org/owasp/webgoat/container/AjaxAuthenticationEntryPoint.java b/src/main/java/org/owasp/webgoat/container/AjaxAuthenticationEntryPoint.java
@@ -51,7 +51,7 @@ public AjaxAuthenticationEntryPoint(String loginFormUrl) {
     @Override
     public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
         if (request.getHeader("x-requested-with") != null) {
-            response.sendError(401, authException.getMessage());
+            response.sendError(401);
         } else {
             super.commence(request, response, authException);
         }