fix(blog): return 404 from post_detail when pk does not match a post#911
Open
SAY-5 wants to merge 1 commit intomemeLab:developfrom
Open
fix(blog): return 404 from post_detail when pk does not match a post#911SAY-5 wants to merge 1 commit intomemeLab:developfrom
SAY-5 wants to merge 1 commit intomemeLab:developfrom
Conversation
post_detail called Post.objects.prefetch_related("images", "categories")
.get(pk=pk) with no exception handling. When the route
`blog/post/<int:pk>/` is hit with any pk that does not correspond to an
existing row, Django raises Post.DoesNotExist. Django's default handler
turns uncaught DoesNotExist into an HTTP 500 ("Internal Server Error"),
so legitimate 404s are reported as server errors to crawlers, Sentry,
and anyone who types a stale permalink. This also makes the noise-floor
in the error tracker unusable for real bugs.
Switch to get_object_or_404 against the same prefetched queryset so the
response is a clean 404 Not Found. Behaviour is identical for any pk
that does resolve.
Fixes memeLab#856
Signed-off-by: SAY-5 <SAY-5@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
post_detailinsrc/blog/views.pycalled:QuerySet.get(pk=pk)raisesPost.DoesNotExistwhen the pk does not match a row. The view did not catch it, so Django's default handler turned every missing-post request into an HTTP 500 Internal Server Error.The route
blog/post/<int:pk>/is public, so any stale permalink, crawler, or user who types a pk that has since been deleted triggers a 500. On top of being wrong from an HTTP-semantics angle (it should be 404), it also pollutes Sentry / the server's error log with noise that masks real 500s.Fix
Swap
.get(pk=pk)fordjango.shortcuts.get_object_or_404against the same prefetched queryset:get_object_or_404delegates to the same.get()call under the hood, so behaviour for any pk that does resolve is identical (same prefetching, same queryset). The only observable change is that a missing pk now returns a clean 404 Not Found.Fixes #856