You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When running scripts it's hard to tell what's happened on an internal server error.
I can't see any secrets returned on 500s. Is there a reason for hiding the message? Endusers don't hit any of this project's endpoints directly do they?
Edit: I've changed this to return 400s with error reasons on api client errors in Identity backfill.
Some endpoints are hit directly by end users, digital-subscription-expiry comes to mind but there might be others as well.
Whether there are secrets or not in the response is hard to tell since the error message depends on exceptions that could be generated in many different places.
I don't think this is the commonly expected behaviour and since this project is the default location for our future lambda based apis I would prefer not to do that.
But that's just my opinion, @johnduffell@paulbrown1982@twrichards@jacobwinch : what do you think?
The reason will be displayed to describe this comment to others. Learn more.
if you are changing it only for identity backfill then I would also be ok with you returning the error description in a 500 if you think that suits it better.
I just didn't think we should do it globally for all apis
agree with patricio, if it's going to be a protected endpoint indefinitely then returning directly is OK 👍 otherwise it's risky.
If we had better logging e.g. ELK it would be less of an issue though - that's a future TODO though.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
QuarpT
force-pushed
the
error-message-on-500
branch
from
johnduffell
changed the title
When running scripts it's hard to tell what's happened on an internal server error.
I can't see any secrets returned on 500s. Is there a reason for hiding the message? Endusers don't hit any of this project's endpoints directly do they?
Edit: I've changed this to return 400s with error reasons on api client errors in Identity backfill.