48
Konsole
6y

What is it exactly...?

Comments
  • 13
    What's with all these shitty APIs giving off wrong error codes?
  • 11
    When shitheads tried to reinvent the wheel
  • 14
    @devTea @kescherRant You guys wouldn't believe what was causing that.
    Some shithead was catching all exceptions and rethrowing them as a RuntimeError.
    Then the handler would think it's a runtime error and throw 500 instead of original error

    The shithead had done something like this in the controller:

    try{
    // ...
    }catch(Exception e){
    throw new RuntimeException(e);
    }

    I can't stop laughing and crying at the same time 🤣😭
  • 12
    Well.. it's slightly better then a 200 response with a 400/500 error.

    Why people can't think to handle errors, beats the hell out of me.
  • 7
    @Konsole sounds a lot like a former colleague except he would probably return 200 empty content.
  • 8
    @C0D4 my colleagues give me 200 with a letter S or E
  • 7
    @devTea ☹️I can handle a 200 if the response actually contains an error eg

    {"success":false,"error":"something went wrong"}
    But mixing error codes or not telling the connector what's actually happening to some extent is just lazy.
  • 2
    Lmfao 🤣🤣🤣🤣
  • 2
    @Konsole was this my code by any chance? :) I do that. Users do not need to know what exactly has failed in the back office. They need to know that the server fucked up, that's all. Giving away TMI opens all sorts of security risks.

    Handle the error? Sure. I do whereever I can. But if I do not know what the error might be or if it doesn't really matter what the error was at some point [assuming that was a mission-critical part of the code] and I cannot possibly recover from it [or don't really want to... Why would I spawn 100 api call retries while my user is waiting for a response? It might take hours], I might just dump the error to the logs for the RCA and tell the user "sorry, there's something off at our side, we couldn't serve your request", rather than giving away my app/infra details. Giving away TMI would tell attackers their attack vectors are working. It might give out clues for other atrack vectors, like sw we're using [ora errors, gson/jackson, etc], unstable/weak parts of the system, etc.
  • 3
    @netikras True. The problem lies with catching 4xx errors then rethrowing them as Runtime error which causes the handler to believe it's a server error.
    The person should have first checked if it were 4xx and sent back the appropriate response rather than just rethrowing 500
  • 5
    *sets up server to send back 418s for all 4xx errors*
  • 2
    Ahaha what In the world is this, it’s just sad man
  • 0
    I suppose it is an error with an identity crisis? Dunno

    But, seriously, there are many devs out there who forget the importance of returning meaningful error messages/codes.
Add Comment