You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/03/22 01:16:00 UTC

[GitHub] [apisix] spacewander opened a new issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked

spacewander opened a new issue #6679:
URL: https://github.com/apache/apisix/issues/6679


   ### Description
   
   For example,
   https://github.com/apache/apisix/blob/a1482dd78cf8494e1ce9f6ca246d9afde3aa733a/apisix/plugins/authz-keycloak.lua#L664-L666
   will tell the client about the token endpoint configuration.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] liangliang4ward commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked

Posted by GitBox <gi...@apache.org>.

liangliang4ward commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1074953578


   maybe support user to config their response


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] spacewander closed issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked

Posted by GitBox <gi...@apache.org>.

spacewander closed issue #6679:
URL: https://github.com/apache/apisix/issues/6679


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] starsz commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked

Posted by GitBox <gi...@apache.org>.

starsz commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1076349439


   > I remember we have the error page mechanism? cc @starsz
   
   Yeah. So I think we wouldn't get err details from the server now.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] shuaijinchao commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked

Posted by GitBox <gi...@apache.org>.

shuaijinchao commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1074662449


   I think it's a good idea +1


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] jagerzhang edited a comment on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked

Posted by GitBox <gi...@apache.org>.

jagerzhang edited a comment on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1075957123


   maybe we need an error-page plugin to customize the error response of different error codes.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] spacewander commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked

Posted by GitBox <gi...@apache.org>.

spacewander commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1076975952


   @liangliang4ward @jagerzhang @tokers @starsz 
   The err page only works with 500 code (and sometimes we still need to return a error msg, thanks for the limit-* plugins' old default value).
   
   Most importantly, we are not discussing how to hide the leaked details, but to solve them in the beginning.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked

Posted by GitBox <gi...@apache.org>.

tzssangglass commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1074615646


   agree +1


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] fatihbm commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked

Posted by GitBox <gi...@apache.org>.

fatihbm commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1074816864


   agree +1 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] jagerzhang removed a comment on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked

Posted by GitBox <gi...@apache.org>.

jagerzhang removed a comment on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1075956994


   1、use error_page，this will hide all error messages


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] jagerzhang commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked

Posted by GitBox <gi...@apache.org>.

jagerzhang commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1075957123


   > agree +1 So, I think we can do it in the following ways： 1、use `error_page`，this will hide all error messages 2、remove sensitive information before it sent to client 3、add a configuration to let the user decide
   > 
   > I have no other better idea
   
   1、use error_page，this will hide all error messages 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] soulbird commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked

Posted by GitBox <gi...@apache.org>.

soulbird commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1074669243


   agree +1
   So, I think we can do it in the following ways：
   1、use `error_page`，this will hide all error messages
   2、remove sensitive information before it sent to client
   3、add a configuration to let the user decide
   
   I have no other better idea


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tokers commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked

Posted by GitBox <gi...@apache.org>.

tokers commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1076130165


   I remember we have the error page mechanism? cc @starsz 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] leslie-tsang commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked

Posted by GitBox <gi...@apache.org>.

leslie-tsang commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1074829967


   agree. let't do it this way. :)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] jagerzhang commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked

Posted by GitBox <gi...@apache.org>.

jagerzhang commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1075956994


   1、use error_page，this will hide all error messages


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] spacewander commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked

Posted by GitBox <gi...@apache.org>.

spacewander commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1076983756


   Created a fresh one as https://github.com/apache/apisix/issues/6699


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] spacewander commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked

Posted by GitBox <gi...@apache.org>.

spacewander commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1076976064


   Closed as off-topic


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org