samuelstroschein
commented
1 year ago The current 403 implementation is a footgun. TypeScript does not lint "redundant" arguments but telefunc throws a 403 on redundant arguments.
Open samuelstroschein opened 1 year ago
samuelstroschein
commented
1 year ago The current 403 implementation is a footgun. TypeScript does not lint "redundant" arguments but telefunc throws a 403 on redundant arguments.
brillout
commented
1 year ago I agree these kind of situations should be easy to debug.
I've a couple of ideas to improve the situation.
brillout
commented
1 year ago I've a couple of ideas to improve the situation.
I'll implement them after I finish VPS's V1 design.
2. Telefunc aborts function calls with bad arguments with status code 403 instead of 400
Telefunc generates shield functions for arguments automatically. But, passing bad arguments to an API call is not a 403 (forbidden) but a 400 (bad request) status code. The 403 status code lead to an hour-long wandering path that the problem was related to auth.
Originally posted by @samuelstroschein in https://github.com/brillout/telefunc/issues/56#issuecomment-1397929356
Proposal
Auto-generated shield functions that protect function arguments should return / throw a 400 (bad request) status code instead of a 403 (permission denied) status code.