1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-19 12:00:55 +01:00
No description
Find a file
epriestley 95cf83f14e Convert some whiny exceptions into quiet MalformedRequest exceptions
Summary:
Fixes T11480. This cleans up the error logs a little by quieting three common errors which are really malformed requests:

  - The CSRF error happens when bots hit anything which does write checks.
  - The "wrong cookie domain" errors happen when bots try to use the `security.alternate-file-domain` to browse stuff like `/auth/start/`.
  - The "no phcid" errors happen when bots try to go through the login flow.

All of these are clearly communicated to human users, commonly encountered by bots, and not useful to log.

I collapsed the `CSRFException` type into a standard malformed request exception, since nothing catches it and I can't really come up with a reason why anything would ever care.

Test Plan:
Hit each error through some level of `curl -H ...` and/or fakery. Verified that they showed to users before/after, but no longer log.

Hit some other real errors, verified that they log.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11480

Differential Revision: https://secure.phabricator.com/D16402
2016-08-16 15:50:21 -07:00
bin Provide bin/nuance import and ngram indexes for sources 2016-03-08 10:30:24 -08:00
conf Support "ssl.chain" in Aphlict configuration 2016-04-14 10:41:21 -07:00
externals Improve Amazon SES code error handling behavior 2016-04-05 17:28:45 -07:00
resources Survive receipt of too much workboard column position information 2016-08-14 09:13:08 -07:00
scripts Update Phabricator logo 2016-08-07 11:35:21 -07:00
src Convert some whiny exceptions into quiet MalformedRequest exceptions 2016-08-16 15:50:21 -07:00
support Blanket reject request which may have been poisoned by a "Proxy" header to mitigate the httpoxy vulnerability 2016-07-21 20:18:06 -07:00
webroot Survive receipt of too much workboard column position information 2016-08-14 09:13:08 -07:00
.arcconfig Set "history.immutable" to "false" explicitly in .arcconfig 2016-08-03 08:12:49 -07:00
.arclint Begin adding test coverage to GitHub Events API parsers 2016-03-09 09:30:07 -08:00
.arcunit Use the configuration driven unit test engine 2015-08-11 07:57:11 +10:00
.editorconfig Fix text lint issues 2015-02-12 07:00:13 +11:00
.gitignore Make i18n string extraction faster and more flexible 2016-07-04 10:23:30 -07:00
LICENSE Fix text lint issues 2015-02-12 07:00:13 +11:00
NOTICE Update Phabricator NOTICE file to reflect modern legal circumstances 2014-06-25 13:42:13 -07:00
README.md Remove push to IRC from "readme.md" too 2015-10-24 18:39:16 -07:00

Phabricator is a collection of web applications which help software companies build better software.

Phabricator includes applications for:

  • reviewing and auditing source code;
  • hosting and browsing repositories;
  • tracking bugs;
  • managing projects;
  • conversing with team members;
  • assembling a party to venture forth;
  • writing stuff down and reading it later;
  • hiding stuff from coworkers; and
  • also some other things.

You can learn more about the project (and find links to documentation and resources) at Phabricator.org

Phabricator is developed and maintained by Phacility.


SUPPORT RESOURCES

For resources on filing bugs, requesting features, reporting security issues, and getting other kinds of support, see Support Resources.

NO PULL REQUESTS!

We do not accept pull requests through GitHub. If you would like to contribute code, please read our Contributor's Guide.

LICENSE

Phabricator is released under the Apache 2.0 license except as otherwise noted.