You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/03/22 01:16:00 UTC
[GitHub] [apisix] spacewander opened a new issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked
spacewander opened a new issue #6679:
URL: https://github.com/apache/apisix/issues/6679
### Description
For example,
https://github.com/apache/apisix/blob/a1482dd78cf8494e1ce9f6ca246d9afde3aa733a/apisix/plugins/authz-keycloak.lua#L664-L666
will tell the client about the token endpoint configuration.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] liangliang4ward commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked
Posted by GitBox <gi...@apache.org>.
liangliang4ward commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1074953578
maybe support user to config their response
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander closed issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked
Posted by GitBox <gi...@apache.org>.
spacewander closed issue #6679:
URL: https://github.com/apache/apisix/issues/6679
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] starsz commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked
Posted by GitBox <gi...@apache.org>.
starsz commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1076349439
> I remember we have the error page mechanism? cc @starsz
Yeah. So I think we wouldn't get err details from the server now.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] shuaijinchao commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked
Posted by GitBox <gi...@apache.org>.
shuaijinchao commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1074662449
I think it's a good idea +1
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] jagerzhang edited a comment on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked
Posted by GitBox <gi...@apache.org>.
jagerzhang edited a comment on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1075957123
maybe we need an error-page plugin to customize the error response of different error codes.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1076975952
@liangliang4ward @jagerzhang @tokers @starsz
The err page only works with 500 code (and sometimes we still need to return a error msg, thanks for the limit-* plugins' old default value).
Most importantly, we are not discussing how to hide the leaked details, but to solve them in the beginning.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tzssangglass commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked
Posted by GitBox <gi...@apache.org>.
tzssangglass commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1074615646
agree +1
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] fatihbm commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked
Posted by GitBox <gi...@apache.org>.
fatihbm commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1074816864
agree +1
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] jagerzhang removed a comment on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked
Posted by GitBox <gi...@apache.org>.
jagerzhang removed a comment on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1075956994
1、use error_page,this will hide all error messages
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] jagerzhang commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked
Posted by GitBox <gi...@apache.org>.
jagerzhang commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1075957123
> agree +1 So, I think we can do it in the following ways: 1、use `error_page`,this will hide all error messages 2、remove sensitive information before it sent to client 3、add a configuration to let the user decide
>
> I have no other better idea
1、use error_page,this will hide all error messages
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] soulbird commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked
Posted by GitBox <gi...@apache.org>.
soulbird commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1074669243
agree +1
So, I think we can do it in the following ways:
1、use `error_page`,this will hide all error messages
2、remove sensitive information before it sent to client
3、add a configuration to let the user decide
I have no other better idea
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tokers commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked
Posted by GitBox <gi...@apache.org>.
tokers commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1076130165
I remember we have the error page mechanism? cc @starsz
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] leslie-tsang commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked
Posted by GitBox <gi...@apache.org>.
leslie-tsang commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1074829967
agree. let't do it this way. :)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] jagerzhang commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked
Posted by GitBox <gi...@apache.org>.
jagerzhang commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1075956994
1、use error_page,this will hide all error messages
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1076983756
Created a fresh one as https://github.com/apache/apisix/issues/6699
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on issue #6679: feat: As a user, I want to hide 5xx error detail from the client, so that the detail is not leaked
Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #6679:
URL: https://github.com/apache/apisix/issues/6679#issuecomment-1076976064
Closed as off-topic
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org