Skip to content

Improve StrictHttpFirewall error messaging #13615

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
bjornharvold opened this issue Aug 4, 2023 · 0 comments
Closed

Improve StrictHttpFirewall error messaging #13615

bjornharvold opened this issue Aug 4, 2023 · 0 comments
Assignees
@jzheaux
Labels
in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
Milestone
6.2.0-M3

Comments

@bjornharvold
Copy link
Contributor

bjornharvold commented Aug 4, 2023
edited
Loading

Better error strings for invalid header and parameter values.

We have had an outstanding ticket with Cloudflare (https://support.cloudflare.com/hc/en-us/requests/2858014?page=1) for over a month where we have been trying to get to the bottom of what / who is sending an illegal header value. Because StrictHttpFirewall doesn't tell us what the header name is, it's been a guessing game.

PR
Work done: Updated exception strings to include the header / parameter name for when the value is invalid.

Realized you might not have access to Cloudflare. Here's a screenshot of the ticket.
screencapture-support-cloudflare-hc-en-us-requests-2858014-2023-08-04-13_16_12
@bjornharvold bjornharvold added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Aug 4, 2023
@jzheaux jzheaux changed the title 📝 docs: StrictHttpFirewall - Better error messages for parameter / header values Improve StrictHttpFirewall error messaging Aug 9, 2023
@jzheaux jzheaux self-assigned this Aug 9, 2023
@jzheaux jzheaux added in: web An issue in web modules (web, webmvc) and removed status: waiting-for-triage An issue we've not yet triaged labels Aug 9, 2023
@jzheaux jzheaux added this to the 6.2.0-M2 milestone Aug 9, 2023
jzheaux pushed a commit to bjornharvold/spring-security that referenced this issue Aug 9, 2023
@bjornharvold @jzheaux
Improve StrictHttpFirewall Error Messaging
0f7426b 
Better error strings for invalid header and parameter values.

Closes spring-projectsgh-13615
jzheaux added a commit to bjornharvold/spring-security that referenced this issue Aug 9, 2023
@jzheaux
Update Copyright and Formatting
b667509 
Issue spring-projectsgh-13615
@sjohnr sjohnr modified the milestones: 6.2.0-M2, 6.2.0-M3 Aug 19, 2023
jzheaux added a commit that referenced this issue Sep 12, 2023
@jzheaux
Update Copyright and Formatting
2a1cf98 
Issue gh-13615
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
Projects
None yet
Milestone
6.2.0-M3
Development

No branches or pull requests
3 participants
@bjornharvold @jzheaux @sjohnr