[
https://issues.apache.org/jira/browse/OFBIZ-5409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13845877#comment-13845877 ]
Adrian Crum commented on OFBIZ-5409:
------------------------------------
Returning attributes is ABSOLUTELY a security risk. Those attributes should remain within the server, they should not be returned as part of an HTTP response!
> JSON Response does not set http status on error
> -----------------------------------------------
>
> Key: OFBIZ-5409
> URL:
https://issues.apache.org/jira/browse/OFBIZ-5409> Project: OFBiz
> Issue Type: Improvement
> Components: ALL APPLICATIONS
> Affects Versions: SVN trunk
> Reporter: Gareth Carter
> Priority: Trivial
> Attachments: CommonEvents.patch
>
>
> When a json response is sent and there was an error in the service called, it does not set the http status. Currently status code is always 200 but it might be more appropriate to send an error code such as 500.
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
Locked
