[TAP5-2768] DefaultRequestExceptionHandler shouldn't send Exception message in production - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 5.8.3
Fix Version/s: 5.8.4
Component/s: tapestry-core
Labels:
None

Description

The DefaultRequestExceptionHandler shouldn't write the actual Exception message to the Request header X-Tapestry-ErrorMessage in production mode.

Instead, a generic "An error occurred." should be used, as the message exposes app internals.

The client-side code in ajax.coffee only uses the header detecting if an error occurred and logging it to console.error, so its actual value is irrelevant.

Omitting the header completely would mean reworking ajax.coffee, as the header indicates that the response might contain HTML content for the exception frame.

Attachments

Activity

People

Assignee:: Ben Weidig

Reporter:: Ben Weidig

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 07/Nov/23 07:26

Updated:: 09/Nov/23 09:32

Resolved:: 09/Nov/23 07:59