Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add message to NotFound exception #1566

Merged
merged 1 commit into from Oct 26, 2019
Merged

Add message to NotFound exception #1566

merged 1 commit into from Oct 26, 2019

Conversation

stefansundin
Copy link
Contributor

Hi. I am currently monkey-patching this in my own project, but I think it would be useful for everyone, so I'm submitting this PR.

Add request method and path to the NotFound exception message. This is useful for exception reporting tools.

As an example, this is what Airbrake looks before this change. I can still get the URL but I have to click in to each report. It is very hard to get a nice overview.

before

And this is what it looks like after:

after

Let me know what you think!

@jkowens
Copy link
Member

jkowens commented Aug 31, 2019

Looks like a great improvement to me 👍🏻

@BerkhanBerkdemir
Copy link

I believe the documentation also needs an update after this improvement like

...raise a NotFound exception with the path as message.

https://github.com/stefansundin/sinatra/blob/243dca5c40650269cec922ed8decfbf6f5eea83a/lib/sinatra/base.rb#L1044-L1048

@jkowens jkowens merged commit f515356 into sinatra:master Oct 26, 2019
tomohiro added a commit to tomohiro/fluentular that referenced this pull request Jan 7, 2020
@tomohiro
Fix behavior of NotFoundException
6310d75 
See github.com/sinatra/sinatra/pull/1566
@aldentea aldentea mentioned this pull request Jan 28, 2020
Closed
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Mar 20, 2020
www/ruby-sinatra: update to 2.0.8.1
610f760 
Update ruby-sinatra to 2.0.8.1.


## 2.0.8.1 / 2020-01-02

* Allow multiple hashes to be passed in `merge` and `merge!` for `Sinatra::IndifferentHash` [#1572](sinatra/sinatra#1572) by Shota Iguchi

## 2.0.8 / 2020-01-01

* Lookup Tilt class for template engine without loading files [#1558](sinatra/sinatra#1558). Fixes [#1172](sinatra/sinatra#1172) by Jordan Owens

* Add request info in NotFound exception [#1566](sinatra/sinatra#1566) by Stefan Sundin

* Add `.yaml` support in `Sinatra::Contrib::ConfigFile` [#1564](sinatra/sinatra#1564). Fixes [#1563](sinatra/sinatra#1563) by Emerson Manabu Araki

* Remove only routing parameters from @params hash [#1569](sinatra/sinatra#1569). Fixes [#1567](sinatra/sinatra#1567) by Jordan Owens, Horacio

* Support `capture` and `content_for` with Hamlit [#1580](sinatra/sinatra#1580) by Takashi Kokubun

* Eliminate warnings of keyword parameter for Ruby 2.7.0 [#1581](sinatra/sinatra#1581) by Osamtimizer

## 2.0.7 / 2019-08-22

* Fix a regression [#1560](sinatra/sinatra#1560) by Kunpei Sakai

## 2.0.6 / 2019-08-21

* Fix an issue setting environment from command line option [#1547](sinatra/sinatra#1547), [#1554](sinatra/sinatra#1554) by Jordan Owens, Kunpei Sakai

* Support pandoc as a new markdown renderer [#1533](sinatra/sinatra#1533) by Vasiliy

* Remove outdated code for tilt 1.x [#1532](sinatra/sinatra#1532) by Vasiliy

* Remove an extra logic for `force_encoding` [#1527](sinatra/sinatra#1527) by Jordan Owens

* Avoid multiple errors even if `params` contains special values [#1526](sinatra/sinatra#1527) by Kunpei Sakai

* Support `bundler/inline` with `require 'sinatra'` integration [#1520](sinatra/sinatra#1520) by Kunpei Sakai

* Avoid `TypeError` when params contain a key without a value on Ruby < 2.4 [#1516](sinatra/sinatra#1516) by Samuel Giddins

* Improve development support and documentation and source code by  Olle Jonsson, Basavanagowda Kanur, Yuki MINAMIYA
rogerhu pushed a commit to rogerhu/padrino-framework that referenced this pull request May 11, 2020
fix test because of changes in sinatra/sinatra#1566
7c55a92
rogerhu pushed a commit to rogerhu/padrino-framework that referenced this pull request May 11, 2020
fix test because of changes in sinatra/sinatra#1566
bf8e55d
rogerhu pushed a commit to rogerhu/padrino-framework that referenced this pull request May 11, 2020
fix test because of changes in sinatra/sinatra#1566
87b1365
@raxoft
Copy link
Contributor

raxoft commented May 19, 2022

I wonder who really thought this is a great change. Instead of providing the fixed size message body which corresponds to the error so the user can immediately see what was wrong you have turned this into an echo engine so people can ddos not only your incoming bandwidth but also the outcoming one. Great. 🤦

And while the OP could have simply used the not_found handler to get this functionality, without monkey patching anything, you have now forced this on everyone who was happy with the prior behavior, so they will now have to work around this. Double facepalm.

Sorry for being negative, but this really didn't please me at all.

@raxoft raxoft mentioned this pull request May 20, 2022
Merged
@raxoft
Copy link
Contributor

raxoft commented May 20, 2022

Seriously, guys, can we talk about getting this reverted? @zzak? @namusyaka? There are so many things wrong with this. To name a few:

  • First of all, echoing back unverified content in this date and age when XSS attacks are being fought all around seems pretty stupid, to put it mildly. Until you fixed it later in Add escaping to the static 404 page. #1645, this didn't even escape things properly.
  • You want the "not found" case to be handled as quickly as possible, so you don't waste extra resources on those, especially when being scanned by tons of bots with random probes etc. You have now slowed this by creating strings of semi-arbitrary length and sending them back, wasting more resources along your entire infrastructure. The people who will ddos you with cache poisoning attacks will be very pleased.
  • With the app sitting back behind some front end proxy servers, which may alter the URLs, including adding some private information which perhaps shouldn't be revealed, you have now allowed this to be echoed back to the world. Wonderful.
  • The fact that you imposed this on everyone by default without warning is sad, too. Seeing how many specs it broke this should have been marked as a change which breaks the prior contract.
  • Last but not least, this was entirely pointless change in the first place. The OP could have used this in his app to get the very same result (adding whatever escaping he wanted, eventually):
  not_found do
    content_type :text
    "#{env['REQUEST_METHOD']} #{env['REQUEST_URI']}"
  end

So, where do we move from here? I am willing to prepare a pull request which reverts this and fixes the specs, too. But I would like to know first that it has a chance of being accepted.

And sorry for not objecting earlier. We seldom upgrade our gems when there is no need and sinatra was mature and stable enough as it was... I found this only when starting on a new app and using the latest versions of everything.

@dentarg
Copy link
Member

dentarg commented May 20, 2022

I've felt this pain too, would be onboard with a change (maybe optional?), but I think rack does the same? https://github.com/rack/rack/blob/a7747ec32e9971649257e838b0b49b9588945107/lib/rack/urlmap.rb#L79

@raxoft
Copy link
Contributor

raxoft commented May 20, 2022
edited

I think rack does the same?

Good point, but IMO the context is entirely different. I mean, rack does report that only when it doesn't find the app responsible for some path mapping, which in practice should happen only while you are setting up and testing the stack, but never in production. Whereas sinatra does that now for every path which is not found, unconditionally, even if everything is set up as it should be.

Edit: You may compare it to the not found and error handlers while in development. I am grateful that sinatra does that in dev mode, as it helps seeing the request and everything. But echoing the path back in production is wrong, IMO.

@dentarg
Copy link
Member

dentarg commented May 25, 2022

@raxoft I think you should open a PR changing this, I support it

@jkowens
Copy link
Member

jkowens commented Jun 1, 2022

@raxoft is a PR incoming?

@raxoft
Copy link
Contributor

raxoft commented Jun 2, 2022

Definitely. Sorry for the wait. I know it should be just few lines in the end, but I have been very busy with other things recently, and this week is not any better. I'll do my best to get back to this ASAP. Thanks.

@raxoft raxoft mentioned this pull request Jun 14, 2022
Merged
@raxoft
Copy link
Contributor

raxoft commented Jun 14, 2022

Finally got around to creating the PR. Sorry for the long wait and thanks for looking into this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BerkhanBerkdemir BerkhanBerkdemir BerkhanBerkdemir approved these changes

@namusyaka namusyaka Awaiting requested review from namusyaka

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@stefansundin @jkowens @BerkhanBerkdemir @raxoft @dentarg