aws-lambda-dotnet icon indicating copy to clipboard operation
aws-lambda-dotnet copied to clipboard
verified publisher icon aws

AspNetCoreServer: make adding exception detail to http response opt-in

Open duncanbrown opened this issue 4 years ago • 1 comments

Issue #, if available: #886

Description of changes: Current behaviour of AspNetCoreServer when an exception is thrown during request processing is to include details of that exception - specifically its type-name - in the HTTP response. This seems insecure, so this change makes that something that must be opted-in to - by default, exception detail will not be returned in the response.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

duncanbrown avatar Aug 13 '21 16:08 duncanbrown

Should this PR be favored in place of https://github.com/aws/aws-lambda-dotnet/pull/1007?

ashishdhingra avatar Mar 22 '22 21:03 ashishdhingra

Thanks for the PR. This PR has been released as part of version 8.0.0 of Amazon.Lambda.AspNetCoreServer. It was a major version bump due to the slight breaking change behavior.

normj avatar Feb 13 '23 07:02 normj

~can you give a tip on how we set this to restore original behaviour? It doesn't seem to be a property on APIGatewayProxyFunction and it's not clear which functions inherit from the function class that the property has been added to.~

mungojam avatar Apr 19 '23 07:04 mungojam

can you give a tip on how we set this to restore original behaviour? It doesn't seem to be a property on APIGatewayProxyFunction and it's not clear which functions inherit from the function class that the property has been added to.

my mistake, my project hadn't updated successfully. It is a property on APIGatewayProxyFunction after all

mungojam avatar Apr 19 '23 07:04 mungojam