Just a quick note for anyone using Apache as a proxy (commonly with Tomcat, Jetty or some other Java application server behind): If your application does not set the Content-Type header, Apache will apply one for you. Which one, you ask? Well, that depends on the extension
of the URL your content is served from. If that URL is
, you get...
Workaround: Include '
' in your Apache config (works well in a
The fix, of course, is to set the content type. I've submitted this
to the Spring Security team; hopefully it'll make it into 2.0.1.
Post a Comment