Add custom error page for uncaught exceptions#159
Conversation
Current coverage is 88.61% (diff: 94.11%)@@ master #159 diff @@
==========================================
Files 36 36
Lines 1275 1291 +16
Methods 0 0
Messages 0 0
Branches 121 122 +1
==========================================
+ Hits 1129 1144 +15
Misses 108 108
- Partials 38 39 +1
|
|
I'm not sure it's a good idea to leak internal information that way. I would leave the details for the internal log, but stay generic for the presented page. |
|
This error page captures all uncaught exception, any generic exception. If the content of the exception is not displayed, then it is no different from the original behaviour of a plain 500 server error page. |
|
and that's the point. You don't want to leak internal information to externals. That way anyone can see exactly what went wrong and the path information. It is information leakage http://projects.webappsec.org/w/page/13246936/Information%20Leakage |
|
@stefanoborini better? |
|
@stefanoborini I know this is not the best place for an HTTPError, but I would prefer improving on this after the PR list is shorter. |
|
And this is how it looks to the admin |
|
|
||
| class TestBaseHandlerDatabaseError(TempMixin, utils.AsyncHTTPTestCase): | ||
| def setUp(self): | ||
| self._old_proxy_api_token = os.environ.get("PROXY_API_TOKEN", None) |
There was a problem hiding this comment.
This code shows up again and again in all our tests. It's becoming a liability.
There was a problem hiding this comment.
It is always tricky to have to cleanup/recover the enviroment variables. Can you open an issue, this will need to be investigated.

Uncaught error such as #143 causes a plain "HTTP 500: Internal Server Error" page. This PR overloads tornado's
write_errorso that error message is displayed.For #143, it displays something like this:
