Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

should RESTX_ERROR_404_HELP be disabled by default? #588

Open
frankli0324 opened this issue Jan 3, 2024 · 1 comment
Open

should RESTX_ERROR_404_HELP be disabled by default? #588

frankli0324 opened this issue Jan 3, 2024 · 1 comment
Labels
question Further information is requested

Comments

@frankli0324
Copy link

Ask a question

background:
I came through #550 and went to flask-restful/flask-restful#780, I see similar behaviors in both libraries. I use restx.
at least it seems to me that author to restful believes the option should never have been existed.

I believe that RESTX_ERROR_404_HELP should at least be disabled by default because:

  • it causes confusion. I spent some time finding who's responsible for the extra error message.
  • there could be security concerns. it could help attackers enumerate the routes.
@frankli0324 frankli0324 added the question Further information is requested label Jan 3, 2024
@frankli0324 frankli0324 changed the title should should RESTX_ERROR_404_HELP be disabled by default? Jan 3, 2024
@peter-doggart
Copy link
Contributor

I'm interested to see other people's opinion on if this is a big issue for them?

I'm always a little bit weary of making any changes to the defaults because they cause breaking changes for user's upgrading versions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@peter-doggart @frankli0324