An error dispatch will be presented to the (custom) error page with the original HTTP method. In some configurations, some methods may trigger unexpected behaviour. For example, Tomcat had CVE-2017-5664 when the Default servlet was enabled for write and serving static error pages.
It is implied, but not explicitly stated, that error dispatches must always be handled as GET requests. I'd like to make this explicit and implement this in HttpServlet.
An error dispatch will be presented to the (custom) error page with the original HTTP method. In some configurations, some methods may trigger unexpected behaviour. For example, Tomcat had CVE-2017-5664 when the Default servlet was enabled for write and serving static error pages.
It is implied, but not explicitly stated, that error dispatches must always be handled as GET requests. I'd like to make this explicit and implement this in HttpServlet.