New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enhancement: only expose the path in ValidationException
s
#3061
Comments
Sounds good to me. It seems like you already figured out what changes need to be made here. Do you want to open a PR for this? |
I have just realized that by simply doing So, for example; It makes sense for the 'feature request' as it really is just the path that's there but my example was incorrect. (I have now edited it in the original post) |
Shouldn't have this auto-closed when #3064 got merged? Is it some Github feature/behavior I am unaware of or is it still open on purpose? |
The PR was merged into |
Closed in #3064. |
A fix for this issue has been released in v2.7.0 |
Summary
Currently
ValidationException
exposes the full URL in the error response, leaking internal IP(s) or other similar infra related information.Relevant code:
litestar/litestar/_signature/model.py
Line 122 in d52caee
litestar/litestar/_kwargs/extractors.py
Line 110 in d52caee
{connection.url}
->{connection.url.path}
Basic Example
and
would become
Drawbacks and Impact
No response
Unresolved questions
No response
Note
While we are open for sponsoring on GitHub Sponsors and
OpenCollective, we also utilize Polar.sh to engage in pledge-based sponsorship.
Check out all issues funded or available for funding on our Polar.sh dashboard
The text was updated successfully, but these errors were encountered: