Right now, if an exception is thrown while processing an Element API HTTP request, the following code block is triggered:
|
} catch (\Throwable $e) { |
|
$data = [ |
|
'error' => [ |
|
'code' => $e instanceof HttpException ? $e->statusCode : $e->getCode(), |
|
'message' => $e->getMessage(), |
|
] |
|
]; |
|
$statusCode = $e instanceof HttpException ? $e->statusCode : 500; |
|
$statusText = $e->getMessage(); |
|
} |
- The error message is output to the client, regardless of the
devMode setting. I've got info leaking from my API that I would like to keep private for security reasons.
- The response is cached, regardless if an error occurred or not (I can see situations where not caching the error would also be bad, and could drive up server load, but overall my personal expectation would be this is not cached so temporary errors such as failed external network requests don't break an API for an extended period of time):
|
// Cache it? |
|
if ($cache) { |
|
if ($cache !== true) { |
|
$expire = ConfigHelper::durationInSeconds($cache); |
|
} else { |
|
$expire = null; |
|
} |
|
/** @noinspection PhpUndefinedVariableInspection */ |
|
$cacheService->set($cacheKey, $response->content, $expire); |
|
} |
Right now, if an exception is thrown while processing an Element API HTTP request, the following code block is triggered:
element-api/src/controllers/DefaultController.php
Lines 165 to 174 in cb522b8
devModesetting. I've got info leaking from my API that I would like to keep private for security reasons.element-api/src/controllers/DefaultController.php
Lines 197 to 206 in cb522b8