Paths

Table of Contentst

Differential D16402

Convert some whiny exceptions into quiet MalformedRequest exceptions
ClosedPublic
Actions

Authored by epriestley on Aug 16 2016, 9:07 PM.

Tags

None

Referenced Files

	F14050130: D16402.diff
	Thu, Nov 14, 4:40 PM

	F14038966: D16402.diff
	Mon, Nov 11, 2:59 AM

	F14037891: D16402.id39444.diff
	Sun, Nov 10, 7:51 PM

	F14022956: D16402.diff
	Wed, Nov 6, 9:10 PM

	F14014348: D16402.id.diff
	Sun, Nov 3, 2:01 AM

	F13992154: D16402.diff
	Tue, Oct 22, 2:41 PM

	F13961098: D16402.id39444.diff
	Oct 15 2024, 3:08 AM

	Unknown Object (File)
	Oct 2 2024, 3:22 PM

Subscribers

None

Details

Reviewers

Maniphest Tasks

T11480: Stop sending misbehaving user nonsense to the error log

Commits

rP95cf83f14ead: Convert some whiny exceptions into quiet MalformedRequest exceptions

Summary

Fixes T11480. This cleans up the error logs a little by quieting three common errors which are really malformed requests:

The CSRF error happens when bots hit anything which does write checks.
The "wrong cookie domain" errors happen when bots try to use the security.alternate-file-domain to browse stuff like /auth/start/.
The "no phcid" errors happen when bots try to go through the login flow.

All of these are clearly communicated to human users, commonly encountered by bots, and not useful to log.

I collapsed the CSRFException type into a standard malformed request exception, since nothing catches it and I can't really come up with a reason why anything would ever care.

Test Plan

Hit each error through some level of curl -H ... and/or fakery. Verified that they showed to users before/after, but no longer log.

Hit some other real errors, verified that they log.

Diff Detail

Repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

epriestley updated this revision to Diff 39444.Aug 16 2016, 9:07 PM

epriestley retitled this revision from to Convert some whiny exceptions into quiet MalformedRequest exceptions.

epriestley updated this object.

epriestley edited the test plan for this revision. (Show Details)

epriestley added a reviewer: chad.

epriestley added a task: T11480: Stop sending misbehaving user nonsense to the error log.

chad accepted this revision.Aug 16 2016, 10:43 PM

chad edited edge metadata.

This revision is now accepted and ready to land.Aug 16 2016, 10:43 PM

Closed by commit rP95cf83f14ead: Convert some whiny exceptions into quiet MalformedRequest exceptions (authored by epriestley, committed by epriestley). · Explain WhyAug 16 2016, 10:50 PM

This revision was automatically updated to reflect the committed changes.

joshuaspence mentioned this in D18300: Don't log whiny exceptions for AJAX requests.Jul 30 2017, 10:05 PM

Revision Contents
Changeset List

Path

Size

src/

__phutil_library_map__.php

2 lines

aphront/

AphrontRequest.php

35 lines

exception/

AphrontCSRFException.php

handler/

PhabricatorDefaultRequestExceptionHandler.php

14 lines

applications/

auth/

provider/

PhabricatorAuthProvider.php

6 lines

Diff 39447

src/__phutil_library_map__.php

Loading...

src/aphront/AphrontRequest.php

Loading...

src/aphront/exception/AphrontCSRFException.php

Loading...

src/aphront/handler/PhabricatorDefaultRequestExceptionHandler.php

Loading...

src/applications/auth/provider/PhabricatorAuthProvider.php

Loading...