feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked #6699

Closed
spacewander opened this issue Mar 24, 2022 · 3 comments · Fixed by #6982
Labels
good first issue Good for newcomers

spacewander commented Mar 24, 2022

Description

For example,

err = "Error while sending authz request to " .. token_endpoint .. ": " .. err
log.error(err)
return 500, err

will tell the client about the token endpoint configuration.

liangliang4ward commented Mar 24, 2022

You mean hiding the real err from the client?
Like

return 500,"error client balala"

@spacewander

Yes, we can just return 503. Like this one: #6382 (comment)
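
The change discussed above, sketched as an added example that is not part of the original thread or the project's code: the leaking pattern from the issue next to a version that logs the detail server-side and returns a bare 503. The `log` stub, `send_authz_request`, the handler names and the endpoint value are assumptions made so the snippet runs in plain Lua.

```lua
-- Added example. Hypothetical names: log stub, send_authz_request, handlers.
local log = {
    error = function(...) io.stderr:write("[error] ", table.concat({...}), "\n") end,
}

-- Constructed value standing in for the plugin's configured endpoint.
local token_endpoint = "https://idp.internal.example:8443/token"

-- Stand-in for the upstream call; always fails so both paths are exercised.
local function send_authz_request(endpoint)
    return nil, "connection refused"
end

-- Before: the pattern quoted in the issue. The response body carries the
-- endpoint and the low-level error back to the client.
local function access_leaky()
    local res, err = send_authz_request(token_endpoint)
    if not res then
        err = "Error while sending authz request to " .. token_endpoint .. ": " .. err
        log.error(err)
        return 500, err
    end
    return 200
end

-- After: the full detail stays in the server log; the client gets only 503.
local function access_hardened()
    local res, err = send_authz_request(token_endpoint)
    if not res then
        log.error("Error while sending authz request to ", token_endpoint, ": ", err)
        return 503
    end
    return 200
end

-- Regression check: a 5xx response must not carry a body at all.
local function leaks_detail(status, body)
    return status >= 500 and body ~= nil
end

for _, case in ipairs({ {"leaky", access_leaky}, {"hardened", access_hardened} }) do
    local status, body = case[2]()
    print(case[1], status, leaks_detail(status, body) and "LEAKS detail" or "ok")
end
```
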

@liangliang4ward

Let me check and modify them.
