Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-31672

Rest API calls should not return exception messages

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.10, 2021
    • Fix Version/s: 2021.40, 2023.1
    • Component/s: Rest API
    • Release Notes Summary:
      The nuxeo conf property "org.nuxeo.rest.exception.message.enabled" is available to hide exception messages at Rest API level
    • Release Notes Description:
      Hide

      See documentation

      Show
      See documentation
    • Tags:
    • Backlog priority:
      850
    • Sprint:
      nxplatform #90, nxplatform #91

      Description

      A client identified the inclusion of complete exception messages in failed requests as a potential security risk and a conflict with their security guidelines.

      Rest API calls should not return exception messages OR clients should have the option of suppressing the behavior.

        Attachments

          Issue Links

          mentioned in

          Page Loading...

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: