Can sitebricks be configured to not say "Sitebricks received a null reply from the resource..."? - sitebricks

In some error cases, including the one above, Sitebricks adds a stack trace to the response. This is a security issue with leaking information. We plug the problems we find, but is there a way to tell Sitebricks never to send stack traces?

The problem is not at the Sitebricks level but at your servlet container or Filter level. If you are using a normal servlet container you should configure error pages in web.xml using the directive:
http://www.tutorialspoint.com/servlets/servlets-exception-handling.htm
Alternatively, you can use a filter to check if the response code is not 2XX and display a custom error page yourself.
Sitebricks shows the error trace as a debugging tool.
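
A container-level error-page mapping of the kind the answer refers to, as an added example rather than configuration from the original answer or from Sitebricks. The `/errors/...` locations are hypothetical static pages; the descriptor assumes a Servlet 3.0 container.

```xml
<!-- WEB-INF/web.xml: added example, not from the original answer -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <!-- Any uncaught exception: serve a static page instead of the trace -->
  <error-page>
    <exception-type>java.lang.Throwable</exception-type>
    <location>/errors/generic.html</location>  <!-- hypothetical path -->
  </error-page>

  <!-- Status codes set through sendError() -->
  <error-page>
    <error-code>500</error-code>
    <location>/errors/generic.html</location>
  </error-page>
  <error-page>
    <error-code>404</error-code>
    <location>/errors/not-found.html</location>  <!-- hypothetical path -->
  </error-page>

  <!-- Servlet 3.0+: default page for every other error status -->
  <error-page>
    <location>/errors/generic.html</location>
  </error-page>

</web-app>
```

These mappings take effect only when the error reaches the container (an uncaught exception or a `sendError()` call) and the response has not already been committed, so test them against the specific failure that currently shows the trace.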

Related

Can I get the stack trace without an exception/error in Sentry?

Trying to see if I can get the stack trace (for both backend and frontend) on Sentry, without actually creating an error. I don't need to create an event, just sort of fetch whatever the last 50 actions (breadcrumbs, I believe?) were. Any help would be much appreciated!
Using Python for backend.
you can just do a captureMessage instead, but remember to enable the attach_stacktrace mode -> https://docs.sentry.io/platforms/python/configuration/options/#attach-stacktrace

Why when I return back from login to I get an ERROR with the sample app?

This is in regards to the sample: msal-web-sample-0.1.0
I am using tomcat 9 and maven to build and run the msal-web-sample code. It is building fine and running, loading spring, etc. I am able to go out and get a username and password login. However, when it tries to return back to my system (https://localhost:8443/msal4jsample/secure/aad) it just has a big "ERROR PAGE!" heading with Home Page link going back to the main tomcat page.
In the tomcat runtime it has:
2021-06-29 15:28:06.108 ERROR 6360 --- [io-8443-exec-10] o.s.b.w.servlet.support.ErrorPageFilter : Cannot forward to error page for request [/secure/aad] as the response has already been committed. As a result, the response may have the wrong status code. If your application is running on WebSphere Application Server you may be able to resolve this problem by setting com.ibm.ws.webcontainer.invokeFlushAfterService to false
Of course, that doesn't apply to my setup.
I see the get in the logs returning back OK and don't see any errors on startup. I am at a loss as to where to go from here. Any thoughts?
Also, is there a non-spring implementation that can be used with java but still using MSAL?
Thanks
Alan
Please share additional information about the error. Do you have trouble regarding AAD? Check your environmental settings (Tomcat) if this isn't the case.

Codeigniter global error override

Is there a way in Codeigniter to override global errors? For instance, if a DB error or PHP critical occurs, it won't show the error itself but something like 'Our admin guy is fixing the issue', and the error is just logged and emailed.
Codeigniter lets you handle error messages your way, depending on the HTTP status.
Refer to this documentation on error handling
In addition to #Pos5e5s3dFr3ak's answer, you should handle as many errors as you can manually. For example, if you have a database error, your code should acknowledge (or 'catch') it and perhaps load the appropriate view, or pass it on to a library that will log and email the fault, instead of displaying the intended result.
This method can be used as an alternative, or as an addition to the original answer - sometimes you need not locate the error just by its HTTP response Status Code.
As an example, you may find that the database engine in use is down. If this is the case (you would have to determine if it is indeed down - ie. you are not getting the desired response), you would pass the user on to example.com/error/database, for example.

What other 5xx errors could be occurring and how do I find/track them?

I have a Classic ASP/VBScript site running on IIS 6, and a program called SmarterStats (found via an earlier question) providing various stats and info from the server logs. This is an internal site, and we do use integrated authentication (AUTH_TYPE = Negotiate).
I'm looking at the report on response codes, and it says that in the last 7 days there have been 255 responses with a 5xx error code... naturally not the most useful stat I could get back.
I have a custom error page for 500 and 500.100 errors that logs the specifics for me to follow up on - and that log is virtually empty. I've tested with an intentionally broken page, and a standard user account, and it is working as expected - custom message, log entry made. (and checked with "friendly error messages" on and off - works either way)
The only entry I have in the log is a single entry for an error -2147024843 (authentication related, took too long to get a response), and that's it... what other errors could be happening and how can I find/track them?
Should I route all the different types of 5xx errors through my custom page? Or is there something else I should be doing?
Resolution: I'm going to go with running all 5xx errors through the custom page. For reasons that leave me totally baffled, the errors have stopped... I've not changed anything, no one has changed anything on that server - but the errors have stopped. Go figure.
It seems like logging all 5xx errors via your custom page might be a good idea. Your logging seems to be working, but SmarterStats seems like it might be giving you bogus data?
What version of SmarterStats are you using?
My hosting provider has Version 5.2 and I can see a detailed list of which pages have produced a 5xx error by going to Report Items > Server Responses > 5xx - Server Errors in the navigation tree. The report that gets displayed has a table listing the pages that have produced the error codes so you can then go investigate those pages to see what may be causing the error.
Depending on your site the error might be perfectly normal, for example I have some custom HTTP handlers which implement a standardised HTTP protocol which actually specifies that 5xx errors should be thrown under certain circumstances.
Though this shouldn't apply to an internal-only site, on public websites it is sometimes the case that badly written crawlers will access your pages in such a way as to produce an error.

BITS error codes

I'm writing an application updater that pulls the installation package from our distribution web site to the user's PC using the background intelligent download service facility.
More or less everything is working fine now, but I'm having a bit of a problem getting the application to react well to all recoverable errors. Specifically, I'd like the application to properly handle the case of proxy authentication.
In HTTP, it's simple: make a request, get a "407" HTTP response code, prompt for user name/password and repeat until you either go through or the user presses "cancel".
With BITS, it's not that simple. I don't get the HTTP status code. I get a couple of codes: the context (which should be BG_ERROR_CONTEXT_REMOTE_FILE in my case) and an "ErrorCode" that is supposed to depend on the context.
If I request the textual description of the error through GetErrorDescription, I get the correct "407 proxy authentication require" text. But the error code I have is 0x80190197 which is nowhere near 407.
So, does anyone know where I can get a full list of the BITS error codes? Failing that, a partial list with the most common errors would be nice.
0x80190197 is not strictly speaking a BITS error, it's an HTTP stack error. The list is available here: Errors (019) FACILITY_HTTP
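
Why 0x80190197 is in fact the 407 from the question, shown as an added example that is not part of the original answer: an HRESULT carries a facility in bits 16-28 and a code in the low 16 bits, and here the facility is FACILITY_HTTP (25) and the code is 0x197 = 407. The helper names are hypothetical; the masks mirror the `HRESULT_FACILITY` and `HRESULT_CODE` macros from winerror.h, reimplemented here so the block builds on any platform.

```c
#include <stdint.h>
#include <stdio.h>

/* HRESULT layout (winerror.h): bit 31 = failure flag,
   bits 16-28 = facility, bits 0-15 = facility-specific code. */
#define FACILITY_HTTP_ID 25u /* 0x19, FACILITY_HTTP in winerror.h */

typedef struct {
    int      failed;    /* 1 if the severity bit is set */
    unsigned facility;  /* same value as HRESULT_FACILITY(hr) */
    unsigned code;      /* same value as HRESULT_CODE(hr) */
} hresult_parts;

hresult_parts split_hresult(uint32_t hr)
{
    hresult_parts p;
    p.failed   = (int)(hr >> 31);
    p.facility = (hr >> 16) & 0x1FFFu;
    p.code     = hr & 0xFFFFu;
    return p;
}

/* HTTP status carried by a failing FACILITY_HTTP HRESULT, else 0. */
int http_status_from_hresult(uint32_t hr)
{
    hresult_parts p = split_hresult(hr);
    if (!p.failed || p.facility != FACILITY_HTTP_ID)
        return 0;
    return (int)p.code;
}

/* Hypothetical helper for the updater: prompt for proxy credentials? */
int needs_proxy_credentials(uint32_t hr)
{
    return http_status_from_hresult(hr) == 407;
}

int main(void)
{
    /* First value is from the question; the others are constructed samples. */
    const uint32_t samples[] = { 0x80190197u, 0x80190194u, 0x80070005u, 0u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        hresult_parts p = split_hresult(samples[i]);
        printf("0x%08X facility=%u code=%u http=%d proxy_auth=%d\n",
               (unsigned)samples[i], p.facility, p.code,
               http_status_from_hresult(samples[i]),
               needs_proxy_credentials(samples[i]));
    }
    return 0;
}
```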
