Closed amcgregor closed 3 years ago
HTTP exceptions are caught and utilized as if they were a value returned by the endpoint, ultimately applied to the context by the BaseExtension
registered render_response
view, as HTTPException
objects are themselves Response
instances, WSGI applications. 2840daf now transfers a subset of headers from the existing cooperatively-populated Response
instance:
Access-
Cross-
Content-
X-
Origin
.Allow
Server
Strict-Transport-Security
Upgrade-Insecure-Requests
Set-Cookie
Notably especially for CORS, certain headers should be preserved regardless of final outcome, such as the
Allow
header identifying the HTTP verbs that are allowed, a la anOPTIONS
request. Exceptions generated by extensions (such as ACL verification failure, incoming data transformation) or via in-endpoint raise currently replacecontext.response
with the exception (since it is a valid WSGI application andResponse
instance), nuking any cooperative changes that have been made to the original.On exception, all response headers excepting content headers should be transferred.