Avoid exposure of type names by QueryRejection #1171
This is necessary to avoid public exposure of implementation details by the default error message if the extractor fails to deserialize the query parameters into the target type.
Thanks! Wanna add a note to the changelog as well?
axum/CHANGELOG.md
@@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 | |||
|
|||
# Unreleased | |||
|
|||
- **fixed:** `QueryRejection` response exposes type names through public interface ([#1171]) |
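Review bot: the added changelog line uses the reference-style link `[#1171]`, but this hunk adds only that one line (`-7,6 +7,7`), so no matching link definition for `[#1171]` is visible here. Please confirm the definition is added elsewhere in `axum/CHANGELOG.md`, otherwise the reference will render as literal text.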
This almost sounds like the fix was to expose internal types. Maybe this is more clear?
- **fixed:** `QueryRejection` response exposes type names through public interface ([#1171]) | |
- **fixed:** Don't expose internal type names in `QueryRejection` responses ([#1171]) |
huh.. I guess you are right.
Thanks!
Motivation
This is necessary to avoid public exposure of implementation details
by the default error message if the extractor fails to deserialize
the query parameters into the target type.
Solution
Removing the `type_name` field from `FailedToDeserializeQueryString`.
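
An added illustration of the leak described in the motivation above, using only the standard library; it is not axum's code or part of this PR. `FromQuery`, `InvoiceFilter`, `leaky_body`, `hardened_body`, the message wording and the sample query strings are assumptions constructed for the example.

```rust
use std::any::type_name;

// Hypothetical application type; its module path is an implementation detail.
mod internal_billing {
    pub struct InvoiceFilter {
        pub page: u32,
    }
}
use internal_billing::InvoiceFilter;

// Stand-in for a query extractor's target type (not axum's API).
pub trait FromQuery: Sized {
    fn from_query(query: &str) -> Result<Self, String>;
}

impl FromQuery for InvoiceFilter {
    fn from_query(query: &str) -> Result<Self, String> {
        let raw = query
            .split('&')
            .filter_map(|pair| pair.split_once('='))
            .find(|(key, _)| *key == "page")
            .map(|(_, value)| value)
            .ok_or_else(|| "missing field `page`".to_string())?;
        let page = raw.parse::<u32>().map_err(|e| format!("page: {}", e))?;
        Ok(InvoiceFilter { page })
    }
}

// Before: the rejection body embeds the target type's name.
pub fn leaky_body<T: FromQuery>(query: &str) -> Option<String> {
    T::from_query(query).err().map(|error| {
        format!("Failed to deserialize query string. Expected `{}`. Error: {}",
                type_name::<T>(), error)
    })
}

// After: no type name in the body; the parse error alone is reported.
pub fn hardened_body<T: FromQuery>(query: &str) -> Option<String> {
    T::from_query(query).err().map(|error| {
        format!("Failed to deserialize query string: {}", error)
    })
}

fn main() {
    let bad = "page=abc"; // constructed sample input
    println!("{}", leaky_body::<InvoiceFilter>(bad).unwrap());
    println!("{}", hardened_body::<InvoiceFilter>(bad).unwrap());
    let ok = InvoiceFilter::from_query("page=2").unwrap();
    println!("parsed page {}", ok.page);
}
```

The first printed body contains the full module path of the target type, which any unauthenticated client can trigger with a malformed query; the second reports only the parse error.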