New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add HttpErrorInfo request attribute to track origins of errors #10270
Add HttpErrorInfo request attribute to track origins of errors #10270
Conversation
|
||
case class HttpErrorInfo( | ||
origin: String | ||
) extends play.http.HttpErrorInfo |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The implementation of HttpErrorInfo
is done the same we way do for HandlerDef
:
- https://github.com/playframework/playframework/blob/2.8.1/core/play/src/main/java/play/routing/HandlerDef.java
- https://github.com/playframework/playframework/blob/2.8.1/core/play/src/main/scala/play/api/routing/HandlerDef.scala
The Scala version extends the Java version, this makes it easy to just always store the one and only instance in the request attributes, because it is, at the same time, a Java and a Scala HttpErrorInfo
object.
*/ | ||
object Attrs { | ||
val HttpErrorInfo: TypedKey[HttpErrorInfo] = TypedKey("HttpErrorInfo") | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Again same style like for HandlerDef
:
playframework/core/play/src/main/scala/play/api/routing/Router.scala
Lines 118 to 127 in 7d860b7
/** | |
* Request attributes used by the router. | |
*/ | |
object Attrs { | |
/** | |
* Key for the [[HandlerDef]] used to handle the request. | |
*/ | |
val HandlerDef: TypedKey[HandlerDef] = TypedKey("HandlerDef") | |
} |
class Attrs { | ||
public static final TypedKey<HttpErrorInfo> HTTP_ERROR_INFO = | ||
new TypedKey<>(play.api.http.HttpErrorHandler.Attrs$.MODULE$.HttpErrorInfo()); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
HandlerDef
style once more:
playframework/core/play/src/main/java/play/routing/Router.java
Lines 51 to 56 in 7d860b7
/** Request attributes used by the router. */ | |
class Attrs { | |
/** Key for the {@link HandlerDef} used to handle the request. */ | |
public static final TypedKey<HandlerDef> HANDLER_DEF = | |
new TypedKey<>(play.api.routing.Router.Attrs$.MODULE$.HandlerDef()); | |
} |
ef792e9
to
f8e9b5a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think HttpErrorInfo as a request attribute is fine as is, but we should either label it as an internal/experimental API (Akka does this occasionally using ApiMayChange) or document it fully. Leaning it marking it as experimental, so if you rely on the string to be a specific value it's specifically a risk you're taking.
I like the idea of marking this |
Thanks for the feedback, I will fix that tomorrow. |
f8e9b5a
to
0442e4e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
* Used as request attribute which gets attached to the request that gets passed to an error | ||
* handler. Contains additional information useful for handling an error. | ||
*/ | ||
@ApiMayChange |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
* Used as request attribute which gets attached to the request that gets passed to an error | ||
* handler. Contains additional information useful for handling an error. | ||
*/ | ||
@ApiMayChange |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
@@ -280,6 +280,9 @@ object CSRF { | |||
|
|||
class CSRFHttpErrorHandler @Inject() (httpErrorHandler: HttpErrorHandler) extends ErrorHandler { | |||
import play.api.http.Status.FORBIDDEN | |||
|
|||
// The req param already has HttpErrorInfo("csrf-filter") in its attributes, no need to add them here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
@Mergifyio backport 2.8.x |
Command
|
Command
|
Please read this comment, it should explain the motivation behind this pull request: #6171 (comment)
I tried to keep the
HttpErrorInfo
class as generic as possible, so we can extend it later for other uses cases, maybe one day we want to attach more infos to the request passed to an error handler.With this pull request I started to add the
HttpErrorInfo
attribute toonClientErrors
thrown by filters and the server backends for now. We can extend that in later pull requests, if someone comes up with the need for more origin tracking.For me personally I need to know if the 413 request entity too large came from the server backend or a body parser.