phorge-phorge

mirror of https://we.phorge.it/source/phorge.git synced 2024-12-04 04:32:43 +01:00

History

epriestley 95cf83f14e Convert some whiny exceptions into quiet MalformedRequest exceptions Summary: Fixes T11480. This cleans up the error logs a little by quieting three common errors which are really malformed requests: - The CSRF error happens when bots hit anything which does write checks. - The "wrong cookie domain" errors happen when bots try to use the `security.alternate-file-domain` to browse stuff like `/auth/start/`. - The "no phcid" errors happen when bots try to go through the login flow. All of these are clearly communicated to human users, commonly encountered by bots, and not useful to log. I collapsed the `CSRFException` type into a standard malformed request exception, since nothing catches it and I can't really come up with a reason why anything would ever care. Test Plan: Hit each error through some level of `curl -H ...` and/or fakery. Verified that they showed to users before/after, but no longer log. Hit some other real errors, verified that they log. Reviewers: chad Reviewed By: chad Maniphest Tasks: T11480 Differential Revision: https://secure.phabricator.com/D16402	2016-08-16 15:50:21 -07:00
..
AphrontException.php	Apply some autofix linter rules	2014-09-10 06:55:05 +10:00
AphrontMalformedRequestException.php	Replace AphrontUsageException with AphrontMalformedRequestException	2015-09-03 10:04:17 -07:00

epriestley 95cf83f14e Convert some whiny exceptions into quiet MalformedRequest exceptions

Summary:
Fixes T11480. This cleans up the error logs a little by quieting three common errors which are really malformed requests:

  - The CSRF error happens when bots hit anything which does write checks.
  - The "wrong cookie domain" errors happen when bots try to use the `security.alternate-file-domain` to browse stuff like `/auth/start/`.
  - The "no phcid" errors happen when bots try to go through the login flow.

All of these are clearly communicated to human users, commonly encountered by bots, and not useful to log.

I collapsed the `CSRFException` type into a standard malformed request exception, since nothing catches it and I can't really come up with a reason why anything would ever care.

Test Plan:
Hit each error through some level of `curl -H ...` and/or fakery. Verified that they showed to users before/after, but no longer log.

Hit some other real errors, verified that they log.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11480

Differential Revision: https://secure.phabricator.com/D16402

2016-08-16 15:50:21 -07:00

AphrontException.php

Apply some autofix linter rules

2014-09-10 06:55:05 +10:00

AphrontMalformedRequestException.php

Replace AphrontUsageException with AphrontMalformedRequestException

2015-09-03 10:04:17 -07:00