Comments
-
Konsole30496y @devTea @kescherRant You guys wouldn't believe what was causing that.
Some shithead was catching all exceptions and rethrowing them as a RuntimeError.
Then the handler would think it's a runtime error and throw 500 instead of original error
The shithead had done something like this in the controller:
try {
    // ...
} catch (Exception e) {
    throw new RuntimeException(e);
}
I can't stop laughing and crying at the same time 🤣😭 -
C0D4669026y Well.. it's slightly better than a 200 response with a 400/500 error.
Why people can't think to handle errors, beats the hell out of me. -
Voxera113886y @Konsole sounds a lot like a former colleague except he would probably return 200 empty content.
-
C0D4669026y @devTea ☹️ I can handle a 200 if the response actually contains an error eg
{"success":false,"error":"something went wrong"}
But mixing error codes or not telling the connector what's actually happening to some extent is just lazy. -
@Konsole was this my code by any chance? :) I do that. Users do not need to know what exactly has failed in the back office. They need to know that the server fucked up, that's all. Giving away TMI opens all sorts of security risks.
Handle the error? Sure. I do wherever I can. But if I do not know what the error might be or if it doesn't really matter what the error was at some point [assuming that was a mission-critical part of the code] and I cannot possibly recover from it [or don't really want to... Why would I spawn 100 api call retries while my user is waiting for a response? It might take hours], I might just dump the error to the logs for the RCA and tell the user "sorry, there's something off at our side, we couldn't serve your request", rather than giving away my app/infra details. Giving away TMI would tell attackers their attack vectors are working. It might give out clues for other attack vectors, like sw we're using [ora errors, gson/jackson, etc], unstable/weak parts of the system, etc. -
Konsole30496y @netikras True. The problem lies with catching 4xx errors then rethrowing them as Runtime error which causes the handler to believe it's a server error.
The person should have first checked if it were 4xx and sent back the appropriate response rather than just rethrowing 500 -
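Both points raised in the thread can hold at once: a request error stays a 4xx, and an unexpected failure becomes a 500 whose body carries no internals. The sketch below is an added example, not code from any commenter; `ClientException`, `findUser`, `handle` and the sample ids are hypothetical, and it assumes plain JDK (Java 16+) with no web framework.

```java
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

public class ErrorMappingDemo {
    private static final Logger LOG = Logger.getLogger("api");
    // Hypothetical type for errors caused by the request itself; the message must be client-safe.
    static class ClientException extends RuntimeException {
        final int status;
        ClientException(int status, String safeMessage) { super(safeMessage); this.status = status; }
    }
    record Response(int status, String body) {}

    // Constructed controller: bad input is a 4xx, anything else is unexpected.
    static String findUser(String id) {
        try {
            if (id == null || !id.matches("\\d+")) {
                throw new ClientException(400, "id must be numeric");
            }
            if (id.equals("42")) { // constructed backend failure carrying internal detail
                throw new IllegalStateException("ORA-00942: table or view does not exist");
            }
            return "{\"id\":" + id + "}";
        } catch (ClientException e) {
            throw e; // keep the 4xx as it is; wrapping it would turn it into a 500
        } catch (Exception e) {
            throw new RuntimeException(e); // wrap only what is genuinely unexpected
        }
    }

    // Constructed handler: maps exception type to status and decides what the client may see.
    static Response handle(String id) {
        try {
            return new Response(200, findUser(id));
        } catch (ClientException e) {
            return new Response(e.status, "{\"success\":false,\"error\":\"" + e.getMessage() + "\"}");
        } catch (RuntimeException e) {
            String ref = UUID.randomUUID().toString();
            LOG.log(Level.SEVERE, "unhandled error ref=" + ref, e); // full detail goes to the logs only
            return new Response(500, "{\"success\":false,\"error\":\"internal error\",\"ref\":\"" + ref + "\"}");
        }
    }

    public static void main(String[] args) {
        for (String id : new String[] {"7", "abc", "42"}) {
            System.out.println(id + " -> " + handle(id));
        }
    }
}
```

The `ref` value lets support match a user's report to the logged stack trace without the ORA message, class names or library versions ever reaching the response body.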
I suppose it is an error with an identity crisis? Dunno
But, seriously, there are many devs out there who forget the importance of returning meaningful error messages/codes.
What is it exactly...?
rant
wrong status codes