SecurityException #403 - CodeIgniter Forums (https://forum.codeigniter.com), Forum: CodeIgniter 4 Support
SecurityException #403 - Gary - 04-13-2020

Whilst purposefully throwing a 403 exception, using:

Code:
throw CodeIgniter\Security\Exceptions\SecurityException::forDisallowedAction();

I find that (with the ENVIRONMENT = development), I have a CI error response page displayed, detailing the problem:

Code:
CodeIgniter\Security\Exceptions\SecurityException #403

Although the 403 is an error of sorts… and was thrown as an exception, it’s not a CI system error, so I am a bit surprised to see all the framework internals in the response.

I repeated the experiment with ENVIRONMENT = production. This returns a 500 (Internal Server Error) response.

I have also noticed that during testing of my CSRF filter, the identical SecurityException #403 errors are reported by the browser, with a trace of the code… and although I’ve not checked for this, I suspect these will also become Internal Server Errors (500) if the tests are done with ENVIRONMENT = production.

I have tried to disable 'toolbar' in the Filters, just in case this was causing the reporting.

What have I missed to be getting the CI SecurityException/Internal Server Error instead of a simple 403 header response page?

Thanks.

RE: SecurityException #403 - atom02 - 12-10-2021

Did you solve this?

RE: SecurityException #403 - kenjis - 12-10-2021

> I repeated the experiment with ENVIRONMENT = production. This returns a 500 (Internal Server Error) response.

I got a 403 Whoops page.

Don't use Exceptions for normal operation. Use them for abnormal operation.

If you want to return a 403 page:

PHP Code:
return $this->response->setStatusCode(403)->setBody('403 Forbidden');

RE: SecurityException #403 - Gary - 08-21-2022

Thanks for the pointer kenjis.

At the time I'd been throwing exceptions for test purposes... I don't recall what my final conclusion was, it's possible it was just finger-trouble on my side (?).

This messaging board doesn't make it immediately obvious that one's posts have replies, so I missed it until now, sorry.
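
The approach from kenjis's reply, applied to the CSRF filter case raised in the first post, as an added example that is not part of the original thread or of the CodeIgniter project's own code. The class name CsrfForbidden is hypothetical, and the filter assumes a CodeIgniter 4 release in which Security::verify() is available:

```php
<?php

namespace App\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\IncomingRequest;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use CodeIgniter\Security\Exceptions\SecurityException;
use Config\Services;

// Hypothetical filter: add it to $aliases in app/Config/Filters.php and
// apply it to the routes that would otherwise use the stock 'csrf' filter.
class CsrfForbidden implements FilterInterface
{
    public function before(RequestInterface $request, $arguments = null)
    {
        // CSRF verification only applies to HTTP requests, not CLI requests.
        if (! $request instanceof IncomingRequest) {
            return;
        }

        try {
            // Throws SecurityException when the token is missing or does not match.
            Services::security()->verify($request);
        } catch (SecurityException $e) {
            // Keep the detail in the server log; the client gets only a
            // status code and a fixed body, with no trace in any ENVIRONMENT.
            log_message('warning', 'CSRF check failed from {ip}', [
                'ip' => $request->getIPAddress(),
            ]);

            // Returning a Response from before() stops the request here.
            return Services::response()
                ->setStatusCode(403)
                ->setBody('403 Forbidden');
        }
    }

    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
        // Nothing to do after the controller has run.
    }
}
```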