Ticket #2036 (closed defect: fixed)
TG gives 500 server error instead of 403 or 404
|Reported by:||chrisz||Owned by:||Chris Arndt|
|Severity:||minor||Keywords:||needs tests, JSON, NoApplicableMethods, SecureResource|
In TG 1.x, when you have a JSON controller (e.g. for an autocomplete field) that is part of a SecureResource (i.e. a login protected part of your site), and you try to access that controller without being logged in, then you get a 500 server error instead of a 403 Forbidden error.
The reason is that TG tries to redirect the request to the login page, but the login page does not accept JSON.
Any ideas for a simple fix? I guess we have to either modify the login method or change IdentityFailure in tg.identity.exceptions so that it checks whether JSON was requested.
The other question is why TG raises 500 server error when no applicable controllers are found. Shouldn't it better return a 404 error? That could be achieved by catching NoApplicableMethods in the expose function in tg.controllers and raising cherrypy.HTTPError(404) in this case (maybe with a few precautions, because NoApplicableMethods could also stem from some nested function call).
comment:17 Changed 8 years ago by Chris Arndt
- Owner changed from faide to Chris Arndt
- Status changed from new to assigned