flask-restx icon indicating copy to clipboard operation
flask-restx copied to clipboard
verified publisher icon python-restx

should RESTX_ERROR_404_HELP be disabled by default?

Open frankli0324 opened this issue 1 year ago • 1 comments

Ask a question

background: I came through https://github.com/python-restx/flask-restx/issues/550 and went to https://github.com/flask-restful/flask-restful/issues/780, I see similar behaviors in both libraries. I use restx. at least it seems to me that author to restful believes the option should never have been existed.

I believe that RESTX_ERROR_404_HELP should at least be disabled by default because:

  • it causes confusion. I spent some time finding who's responsible for the extra error message.
  • there could be security concerns. it could help attackers enumerate the routes.

frankli0324 avatar Jan 03 '24 13:01 frankli0324

I'm interested to see other people's opinion on if this is a big issue for them?

I'm always a little bit weary of making any changes to the defaults because they cause breaking changes for user's upgrading versions.

peter-doggart avatar Jan 15 '24 12:01 peter-doggart