BE: Make it possible to hide stacktraces in HTTP responses #536 #537
Conversation
kapybro
bot
added
status/triage
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Hi mrlittle113! 👋
Welcome, and thank you for opening your first PR in the repo!
Please wait for triaging by our maintainers.
Please take a look at our contributing guide.
| @@ -19,3 +19,7 @@ logging: | |||
| reactor.netty.http.server.AccessLog: INFO | |||
| org.hibernate.validator: WARN | |||
|
|
|||
| web: | |||
There was a problem hiding this comment.
Rather than setting it to false here, let's define a default state for the property:
@Value("${web.exception.include.stacktrace:false}")
| return ServerResponse | ||
| .status(exception.getStatusCode()) | ||
| .contentType(MediaType.APPLICATION_JSON) | ||
| .bodyValue(response); | ||
| } | ||
|
|
||
| private String getStackTrace(Throwable exception) { | ||
| if (!includeStacktraceInException) { | ||
| return ""; |
There was a problem hiding this comment.
A dummy value like Redacted for security reasons might be better, what do you think?
| @@ -35,6 +36,9 @@ | |||
| @Order(Ordered.HIGHEST_PRECEDENCE) | |||
| public class GlobalErrorWebExceptionHandler extends AbstractErrorWebExceptionHandler { | |||
|
|
|||
| @Value("${web.exception.include.stacktrace}") | |||
There was a problem hiding this comment.
Could you also add this property into our contracts, so it could be changed in UI via wizard?
There was a problem hiding this comment.
Can you hind me where to put the config on.
I saw that DynamicConfigOperations load config from DYNAMIC_CONFIG_PATH_ENV_PROPERTY which will be overridden on each configuration submission through UI wizard.
And from README I saw that can enable the dynamic through DYNAMIC_CONFIG_ENABLED: 'true' on docker compose.
There was a problem hiding this comment.
Hello @Haarolean, could you help me with this.
Can you hind me where to put the config on.
I saw that DynamicConfigOperations load config from DYNAMIC_CONFIG_PATH_ENV_PROPERTY which will be overridden on each configuration submission through UI wizard.
And from README I saw that can enable the dynamic through DYNAMIC_CONFIG_ENABLED: 'true' on docker compose.
There was a problem hiding this comment.
You can put it temporarily wherever you wish for testing purposes, I like to put mine into /tmp.
which will be overridden on each configuration submission through UI wizard
You have to pass it separately as an arg, like mentioned here: docker run -it -p 8080:8080 -e spring.config.additional-location=/tmp/config.yml -v /tmp/kui/config.yml:/tmp/config.yml ghcr.io/kafbat/kafka-ui (or an equivalent for a jar file).
There was a problem hiding this comment.
Thank you, I will try it out
Haarolean
added
the
hacktoberfest-accepted
What changes did you make? (Give an overview)
Create a flag in application.yml to enable or disable stacktrace include in error responses
Is there anything you'd like reviewers to focus on?
Where to put the config on, this is my first PR so I am not familiar with the project structure!
How Has This Been Tested? (put an "x" (case-sensitive!) next to an item)
Checklist (put an "x" (case-sensitive!) next to all the items, otherwise the build will fail)
Check out Contributing and Code of Conduct
A picture of a cute animal (not mandatory but encouraged)