Closed benjamin-smith closed 3 years ago
I ran into this issue in a different context. I am in the process of migrating a Craft 2 site to Craft 3. Craft 3 deprecates the "locale"-parameter we used for making our element api endpoints support multiple locales, like this:
$locale = craft()->request->getParam('locale', 'en'); return [ 'elementType' => 'Entry', 'criteria' => [ 'section' => 'someSection', 'locale' => $locale ],
Now we use "site" instead to do that but this issue affects that. Earlier we were able to call our API endpoints with non-existing locales and just receive an empty data array. However now that we are using site, we get a 404 error:
{"error":{"code":404,"message":"Invalid site handle: fr"}}
.
I am fairly certain that this is directly linked to this same issue.
Element API 2.7.0 is out now, which only caches 200 responses.
@brandonkelly I can open a separate issue with the details of the error reporting leak, unless that was also addressed in 2.7.0?
@benjamin-smith Just released Element API 2.8.0, which no longer includes the exception message unless it’s an instance of yii\base\UserException
(which indicates that the message is user-friendly).
Right now, if an exception is thrown while processing an Element API HTTP request, the following code block is triggered:
https://github.com/craftcms/element-api/blob/cb522b844af23cfc987b2a8dc38a53cd5001a70e/src/controllers/DefaultController.php#L165-L174
devMode
setting. I've got info leaking from my API that I would like to keep private for security reasons.