
Status API and propagation

Open dfawley opened this issue 6 months ago • 0 comments

The Tonic API allows for easy propagation of errors between clients and servers. E.g.

fn server_handler(_) -> Result<_, tonic::Status> {
  _ = client.outgoing_call(_).await? // Return any client status as a server status
}

This usage is problematic for two reasons:

  1. If the status code is directly propagated, then it can cause correctness issues. E.g. if the client above returned INVALID_ARGUMENT, then that probably should go back from the outer service as INTERNAL, since it was likely a programmer error in the service making the call to the client.

  2. If the trailers are propagated along with the status, then that's a security issue, since they could contain sensitive information.

I believe we need a change that prevents ? from being able to propagate statuses in this way, e.g. by having a different Status type returned by servers than the one given to clients.

dfawley, Jul 02 '25 20:07
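The separation proposed in the issue, modelled as an added example that is not part of the original issue and is not tonic's code. `Code`, `ClientStatus`, `ServerStatus`, `translate`, the pass-through policy and the sample trailer are hypothetical stand-ins constructed for illustration.

```rust
use std::collections::BTreeMap;

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Code { InvalidArgument, Unavailable, DeadlineExceeded, Internal }

/// Status received from an outgoing call (stand-in type, not tonic's).
#[derive(Debug)]
pub struct ClientStatus {
    pub code: Code,
    pub message: String,
    pub trailers: BTreeMap<String, String>,
}

/// Status a handler returns to its own caller (stand-in type). There is
/// deliberately no `From<ClientStatus>` impl, so `?` cannot convert.
#[derive(Debug, PartialEq)]
pub struct ServerStatus {
    pub code: Code,
    pub message: String,
    pub trailers: BTreeMap<String, String>,
}

/// Explicit boundary translation. Assumed policy: only codes describing
/// downstream availability pass through; everything else becomes Internal.
/// The downstream message and trailers are never copied.
pub fn translate(s: &ClientStatus) -> ServerStatus {
    let code = match s.code {
        Code::Unavailable | Code::DeadlineExceeded => s.code,
        _ => Code::Internal,
    };
    ServerStatus { code, message: "downstream call failed".into(), trailers: BTreeMap::new() }
}

/// Constructed downstream call that fails and carries a sensitive trailer.
pub fn outgoing_call() -> Result<u32, ClientStatus> {
    let mut trailers: BTreeMap<String, String> = BTreeMap::new();
    trailers.insert("x-backend-host".into(), "db-7.internal".into());
    Err(ClientStatus { code: Code::InvalidArgument, message: "bad field `acct`".into(), trailers })
}

pub fn server_handler() -> Result<u32, ServerStatus> {
    // A bare `outgoing_call()?` does not compile here; translation is forced.
    let value = outgoing_call().map_err(|s| translate(&s))?;
    Ok(value)
}

fn main() {
    println!("{:?}", server_handler());
}
```

Because the two status types are distinct, a handler that forgets the translation fails at compile time instead of forwarding the downstream code and trailers.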