Send exception message as reason on client error #611
Conversation
Signed-off-by: Alin Dreghiciu <adreghiciu@gmail.com>
|
+100 And same should be done for org.sonatype.nexus.rest.artifact.AbstractArtifactPlexusResource.handleException(Request, Response, Throwable) That is actually dupe of this here (handle method) |
|
Like the idea but... What assurance do we have an exception message does not contain content we do not want to send to client? Also at what layer are these messages escaped? Restlet handles it automatically? |
|
@peterlynch we will see what messages are out there |
|
an option might be to make it configurable to include exception message in status, default off - until we have some better way to determine this does not expose some information we shouldn't not sure how useful then this becomes. |
|
jsoup can probably sanitize if needed: |
|
Generally I think this is good, so +1, but I do share concerns about the message content... but eh, probably only one way to really find out if its sending appropriate content or not ;-) |
|
Escaping is already handled by NexusStatusService, as that is the restlet component rendering these pages. About the content, "The proof of the pudding"... so merge this |
Send exception message as reason on client error
Signed-off-by: Alin Dreghiciu adreghiciu@gmail.com