[HttpFoundation] [Debug] Return a 400 response for suspicious operations #20662

@thewilkybarkid thewilkybarkid commented Nov 28, 2016

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #20615
| License       | MIT
| Doc PR        |

Adds a new exception (based on Django's) that FlattenException turns into a '400 Bad Request' response.

As mentioned in #20615, the RouterListener triggers the host match failure for a second time on kernel.finish_request, and I couldn't see a more appropriate way of handling this.

@thewilkybarkid thewilkybarkid force-pushed the suspicious-operation-exception branch from f27a05e to 681b7d7 Compare November 28, 2016 08:32
@nicolas-grekas nicolas-grekas added this to the 3.x milestone Dec 6, 2016

fabpot commented Dec 13, 2016

👍

@fabpot fabpot mentioned this pull request Dec 16, 2016

fabpot commented Dec 16, 2016

I've fixed the remaining issues and removed the hack on the routing listener in #20962.

@fabpot fabpot closed this Dec 16, 2016
fabpot added a commit that referenced this pull request Dec 17, 2016
This PR was merged into the 3.3-dev branch.

Discussion
----------

Request exceptions

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | yes
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #20389, #20615, #20662
| License       | MIT
| Doc PR        | n/a

Replaces #20389 and #20662. The idea is to generically manage 400 responses when an exception implements `RequestExceptionInterface`.

The "weird" caches on the request for the host and the client IPs allow us to correctly manage exceptions in an exception listener/controller (as we are duplicating the request there, but we don't want to throw an exception there).

Commits
-------

32ec288 [HttpFoundation] refactored Request exceptions
d876809 Return a 400 response for suspicious operations
@thewilkybarkid thewilkybarkid deleted the suspicious-operation-exception branch January 31, 2017 07:51
@nicolas-grekas nicolas-grekas modified the milestones: 3.x, 3.3 Mar 24, 2017
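
A minimal sketch of the approach discussed in this thread, as an added example that is not code from the pull request or from Symfony: an exception raised for a bad Host header carries a marker interface, and the error handler maps that marker to 400 instead of the default 500. `RequestExceptionMarker`, `SuspiciousHostException`, `validatedHost()` and `statusCodeFor()` are hypothetical names, the trusted-host pattern and sample inputs are constructed, and only hostnames and dotted IPv4 addresses are accepted.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins for this sketch; not Symfony's own classes.
interface RequestExceptionMarker {}

final class SuspiciousHostException extends UnexpectedValueException implements RequestExceptionMarker {}

/** Return the normalised host, or throw if it is malformed or not trusted. */
function validatedHost(string $rawHost, array $trustedPatterns): string
{
    // Drop an optional port and normalise case before checking.
    $host = strtolower(preg_replace('/:\d+\z/', '', trim($rawHost)));

    // Reject anything that is not a plain hostname (letters, digits, dot, hyphen).
    if (preg_match('/\A[a-z0-9.-]+\z/', $host) !== 1) {
        throw new SuspiciousHostException('Invalid host.');
    }
    foreach ($trustedPatterns as $pattern) {
        if (preg_match($pattern, $host) === 1) {
            return $host;
        }
    }
    throw new SuspiciousHostException('Untrusted host.');
}

/** Client-caused request errors become 400; everything else stays 500. */
function statusCodeFor(Throwable $e): int
{
    return $e instanceof RequestExceptionMarker ? 400 : 500;
}

// Constructed sample inputs.
$trusted = ['/\A(.+\.)?example\.com\z/'];
foreach (['Example.com:8080', 'evil.test', 'example.com/admin', ''] as $raw) {
    try {
        printf("%-22s => 200 (%s)\n", json_encode($raw), validatedHost($raw, $trusted));
    } catch (Throwable $e) {
        printf("%-22s => %d (%s)\n", json_encode($raw), statusCodeFor($e), $e->getMessage());
    }
}

// A failure that is not the client's fault keeps the server-error status.
printf("%-22s => %d\n", 'RuntimeException', statusCodeFor(new RuntimeException('backend down')));
```

Mapping on an interface rather than on one concrete class lets other request-level failures get the same 400 treatment without touching the handler.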