New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Routing] TypeErrors in a controller route should return HTTP 400 (Invalid request) instead of 500 (Server error) #37814
Comments
I don't think TypeErrors should be caught here. Instead we could automatically add a regex requirement to a placeholder when the parameter has an int type. |
What if a Value Resolver fails to resolve the value? What if strict types are in use? What if the argument is boolean, float, or a date? There are more cases and they all sould behave consistently. I don't like adding a regexp automatically. That seems as a dirty hotfix. This matter should be solved in a more generic way. |
Strict types are not in use in the HttpKernel when calling the controller. We know that for sure.
For these cases, you must need an argument resolver to perform the conversion anyway. So a 500 error when it is missing is actually right: the server code is broken. |
I'm 👎 here, this is going too deep into type-inference deductions. |
Thank you for this suggestion. |
Since the big bosses said no, I'm closing it |
I think it would make more sense if a HTTP status code 400 is returned when the type of a variable is wrong, for example:
Which is much easier to write and remember than the annotation
requirements={"id"="\d+"}
The TypeError could be caught and shown instead a 400 or 404 error.
Edit: I know an integer is not the same as a numeric string, but casting to integer has been the oldest way to protect from SQL injections since the beginning of time in PHP and I guess it's still widely used...
The text was updated successfully, but these errors were encountered: