Open VEscaname opened 6 months ago
@hugho-ad @moylop260 @xmglord Could you please take a look?
could you share a video/screenshots about the output to the user and output in the logger, please?
could you share a video/screenshots about the output to the user and output in the logger, please?
Sure thing. Here is the link to the video. I also added the requested screenshots to the PR description
@mart-e
I'm curious what Odoo thinks about
@moylop260 as explained by my collegue by email, we don’t really consider this as an issue as the code is open source anyway. At least in term of security, might be different for a UX point of view but it’s hidden for visitors anyway.
Also, it’s easy to hide it by customizing http_routing.http_error
if needed.
Description of the issue/feature this PR addresses: Returning verbose errors presents a vulnerability to subsequent attacks by sharing information that could be used to find and exploit vulnerabilites.
Current behavior before PR: Errors can be displayed in an error page with a full traceback for debugging
Desired behavior after PR is merged: The traceback sent to the template for the error page now displays a hash instead. This hash will match a hash that will accompany the error within the log, so that errors raised can still be debugged
Related Task T#77665