Details
-
Bug
-
Resolution: Fixed
-
Major
-
None
-
None
-
None
-
-
Empty show more show less
-
Saigon 127, Saigon 128, Saigon 129, Saigon 130
-
1
Description
The endpoint should not return the query exception. This is a security problem, as it reveals too much about how the system is working. It will also be unexpected by a developer, and reduce trust in the system. (Its OK for it to show up in the logs.)
Returns the text:
"javax.jcr.query.InvalidQueryException: Query:
SELECT * FROM [nt:base] AS t WHERE ([jcr:primaryType] = 'mgnl:composition') AND ([820a075a(*)-8c95-4f00-b0ee-5f3bf339f1ff] = '') AND ([tours] = 'a358f3ad-5a03-4f5d-b0ab-cb2219100472') ORDER BY LOWER(NAME(t)) ASC; expected: ]"
Another example - if i request an endpoint it cannot find "http://localhost:8080/magnoliaAuthor/.rest/delivery/tours"
I get response "RESTEASY003210: Could not find resource for full path: http://localhost:8080/magnoliaAuthor/.rest/delivery/tours" which I should not get.
Checklists
Attachments
Issue Links
- depends upon
-
MGNLREST-97 Implement exception handling for rest endpoint
-
- Closed
-