search

pallets-eco / flask-jwt

JWT (JSON Web Tokens) for Flask applications
MIT License
564 stars 177 forks source link

Internal Server Error when app.debug = False #74

Closed vimalloc closed 8 years ago

vimalloc commented 8 years ago

When I have debug = True in the flask application, and I make a call to a jwt protected endpoint without an access token I get the following back:

{
  "description": "Request does not contain an access token",
  "error": "Authorization Required",
  "status_code": 401
}

However, when I try the same thing with debug = False, instead I get this:

{"message": "Internal Server Error"}

And in the logs, I see:

flask_jwt.JWTError: Authorization Required. Request does not contain an access token

As far as I can tell, the jwt.init_app() function is registering a custom error handler for JWTErrors in the flask app, however it only seems to be working when flask debug is enabled. Any ideas why this might be the case?

arher commented 8 years ago

Hi, you just need to activate the PROPAGATE_EXCEPTIONS configuration in the Flask app. (which is activated automatically when debug is set to True)

app.config['PROPAGATE_EXCEPTIONS'] = True

and you will get the messages again...

vimalloc commented 8 years ago

D'oh! I wasn't aware of that flask option. Thanks for info! :)

aijogja commented 6 years ago

Is it secure to set PROPAGATE_EXCEPTIONS in production?

kurenai-ryu commented 6 years ago

TBH it's more secure to raise a generic "internal error" than a descriptive one, but also it can help your users or even the rest of your code to understand why it failed

hemantmishra123 commented 1 year ago

Thanks for Your answer and Great After doing this ['PROPAGATE_EXCEPTIONS'] = True this setting resolve my issue in production server.