APIv4 - AJAX errors should say *something* useful #19526
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When calling APIv4 via AJAX, you may sometimes encounter an error. What response do you get? Before ------ You are likely to get a completely blank response (`status=500, body=[]`). There is no information in any of the logs (Apache, PHP, CiviCRM, etc). You have no way to tell what's gone wrong. Of course, if you're logged in as a full administrator, then you may have permission `view debug output`, in which case there might be something useful. But this won't help if you're using a less privileged user. After ----- For the administrator (`view debug output`), you still get a detailed error response. For less privileged users, the error is logged. The response provides a generic message along with an "Error ID". You can use the "Error ID" to locate information in the log. Also, if the error is an `UnauthorizedException`, then the response code will be a semantic 403 instead of a generic 500.
|
(Standard links)
|
|
This seems fine to me MOP |
colemanw
reviewed
Feb 4, 2021
| $statusMap = [ | ||
| \Civi\API\Exception\UnauthorizedException::class => 403, | ||
| ]; | ||
| http_response_code($statusMap[get_class($e) ?? 500]); |
There was a problem hiding this comment.
@totten this code looks incorrect - it is defaulting to the array key 500 but the array does not contain that key.
I think it should be
Suggested change
| http_response_code($statusMap[get_class($e) ?? 500]); | |
| http_response_code($statusMap[get_class($e)] ?? 500); |
totten
added a commit
to totten/civicrm-core
that referenced
this pull request
Feb 4, 2021
This is a follow-up to civicrm#19526 which addresses a typo that causes a misbehavior in reporting the HTTP status code. Before ------ If an API request encounters an exception, then it always returns HTTP 403. After ----- If an API request encounters an exception, then: * It may return HTTP 403 (for an authorization exception) * It may return HTTP 500 (for any other/unrecognized exception)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When calling APIv4 via AJAX, you may sometimes encounter an error. What response do you get?
Before
You are likely to get a completely blank response (
status=500, body=[]). There is no information in any of the logs (Apache, PHP, CiviCRM, etc). You have no way to tell what's gone wrong.Of course, if you're logged in as a full administrator, then you may have permission
view debug output, in which case there might be something useful. But this won't help if you're using a less privileged user.After
For the administrator (
view debug output), you still get a detailed error response.For less privileged users, the error is logged. The response provides a generic message along with an
"Error ID". You can use the "Error ID" to locate information in the log.
Also, if the error is an
UnauthorizedException, then the response code will be a semantic 403 instead of a generic 500.