CodeIgniter Forums
Codeigniter Exceptions - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28)
+--- Forum: CodeIgniter 4 Support (https://forum.codeigniter.com/forumdisplay.php?fid=30)
+--- Thread: Codeigniter Exceptions (/showthread.php?tid=76107)



Codeigniter Exceptions - Gary - 04-14-2020

Whilst purposefully throwing a 403 exception, using:
Code:
throw CodeIgniter\Security\Exceptions\SecurityException::forDisallowedAction();

I find that (with the ENVIRONMENT = development), I have a CI error response page displayed, detailing the problem:
Code:
CodeIgniter\Security\Exceptions\SecurityException #403
The action you requested is not allowed.
SYSTEMPATH/Security\Exceptions\SecurityException.php at line 10
3 use CodeIgniter\Exceptions\ExceptionInterface;
4 use CodeIgniter\Exceptions\FrameworkException;
5
6 class SecurityException extends FrameworkException implements ExceptionInterface
7 {
8    public static function forDisallowedAction()
9    {
10        return new static(lang('HTTP.disallowedAction'), 403);
11    }
12 }
… backtrace… etc…

Although the 403 is an error of sorts… and was thrown as an exception, it’s not a CI system/program error, so I am a bit surprised to see all the framework internals in the response.

I repeated the experiment with ENVIRONMENT = production.  This returns a 500 (Internal Server Error ) response.

On a separate, but related, issue, I have also notices that during testing of the CSRF filter, the identical SecurityException #403 errors are reported by the browser, with a trace of the code… and although I’ve not checked for this, I suspect they’ll also become Internal Server Errors (500) if the tests are done with ENVIRONMENT = production.

I have a similar effect with the Honeypot exceptions too… that show an error trace in development, and a 500 in production.

What have I missed to be getting the CI Exceptions/Internal Server Error instead of some sort of http header page (and not what looks like a program error)?  Would it be necessary for me to write something to process/gracefully handle each of these exceptions?

Thanks.