• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
SecurityException #403

#1
Whilst purposefully throwing a 403 exception, using:

Code:
throw CodeIgniter\Security\Exceptions\SecurityException::forDisallowedAction();

I find that (with the ENVIRONMENT = development), I have a CI error response page displayed, detailing the problem:

Code:
CodeIgniter\Security\Exceptions\SecurityException #403
The action you requested is not allowed.

SYSTEMPATH/Security\Exceptions\SecurityException.php at line 10

3 use CodeIgniter\Exceptions\ExceptionInterface;
4 use CodeIgniter\Exceptions\FrameworkException;
5
6 class SecurityException extends FrameworkException implements ExceptionInterface
7 {
8    public static function forDisallowedAction()
9    {
10        return new static(lang('HTTP.disallowedAction'), 403);
11    }
12 }
… backtrace… etc…

Although the 403 is an error of sorts… and was thrown as an exception, it’s not a CI system error, so I am a bit surprised to see all the framework internals in the response.

I repeated the experiment with ENVIRONMENT = production.  This returns a 500 (Internal Server Error) response.

I have also noticed that during testing of my CSRF filter, the identical  SecurityException #403 errors are reported by the browser, with a trace of the code… and although I’ve not checked for this, I suspect these will also become Internal Server Errors (500) if the tests are done with ENVIRONMENT = production.

I have tried to disable 'toolbar' in the Filters, just in case this was causing the reporting.

What have I missed to be getting the CI SecurityException/Internal Server Error instead of a simple 403 header response page?

Thanks.
Reply


Messages In This Thread
SecurityException #403 - by Gary - 04-13-2020, 02:52 PM

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.