https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292013-01-18T11:09:52ZRedmineRedmine - Feature #12898: Handle GET /issues/context_menu parameters nicely to prevent returning error 500 to crawlershttps://www.redmine.org/issues/12898?journal_id=446532013-01-18T11:09:52ZEtienne Massip
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li><li><strong>Resolution</strong> set to <i>Invalid</i></li></ul><p>This URL is called when right-clicking the issues list and is expecting a <code>ids[]=<issue id></code> parameter matching each selected issue (try <code>/issues/context_menu?ids[]=10&ids[]=11</code> or whatever ids).</p>
<p>It is not meant to be called directly.</p> Redmine - Feature #12898: Handle GET /issues/context_menu parameters nicely to prevent returning error 500 to crawlershttps://www.redmine.org/issues/12898?journal_id=446562013-01-18T12:17:43ZBjörn Peemöller
<ul><li><strong>Status</strong> changed from <i>Closed</i> to <i>Reopened</i></li></ul><p>Okay, I understand that. But I think returning a status code 400 indicating a bad request (or something similar) would be much better than relying on the Ruby code to crash. Therefore, I'm reopening this issue.</p> Redmine - Feature #12898: Handle GET /issues/context_menu parameters nicely to prevent returning error 500 to crawlershttps://www.redmine.org/issues/12898?journal_id=446582013-01-18T13:33:37ZEtienne Massip
<ul></ul><p>Björn Peemöller wrote:</p>
<blockquote>
<p>Okay, I understand that. But I think returning a status code 400 indicating a bad request (or something similar) would be much better than relying on the Ruby code to crash. Therefore, I'm reopening this issue.</p>
</blockquote>
<p>Why would you care, this URL is intended for internal use only?</p> Redmine - Feature #12898: Handle GET /issues/context_menu parameters nicely to prevent returning error 500 to crawlershttps://www.redmine.org/issues/12898?journal_id=446652013-01-18T15:02:43ZBjörn Peemöller
<ul></ul><p>Etienne Massip wrote:</p>
<blockquote>
<p>Why would you care, this URL is intended for internal use only?</p>
</blockquote>
<p>Because I think that the API accessible from the outside world (in this case, accessible URLs) should be stable in the sense that even wrong parameters should not lead to a runtime error.</p>
<p>By the way, I found out that the <a href="http://www.google.com/bot.html" class="external">Google Bot</a> first asked for this URL, which is given in the initialization of the context menu:</p>
<pre>
<script type="text/javascript">
//<![CDATA[
contextMenuInit('/redmine/issues/context_menu')
//]]>
</script>
</pre>
<p>I only noticed this because Airbrake automatically notifies me about internal server errors. If you do not intend to change this, I can configure Airbrake to conceal this error, of course.</p> Redmine - Feature #12898: Handle GET /issues/context_menu parameters nicely to prevent returning error 500 to crawlershttps://www.redmine.org/issues/12898?journal_id=446662013-01-18T15:16:47ZEtienne Massip
<ul><li><strong>Tracker</strong> changed from <i>Defect</i> to <i>Feature</i></li><li><strong>Subject</strong> changed from <i>Get-Request of URL /issues/context_menu causes Error 500</i> to <i>Handle GET /issues/context_menu parameters nicely to prevent returning error 500 to crawlers</i></li><li><strong>Category</strong> set to <i>Code cleanup/refactoring</i></li><li><strong>Target version</strong> set to <i>Candidate for next major release</i></li><li><strong>Resolution</strong> deleted (<del><i>Invalid</i></del>)</li></ul><p>Björn Peemöller wrote:</p>
<blockquote>
<p>Because I think that the API accessible from the outside world (in this case, accessible URLs) should be stable in the sense that even wrong parameters should not lead to a runtime error.</p>
</blockquote>
<p>Agreed but this is not part of an API.</p>
<blockquote>
<p>I only noticed this because Airbrake automatically notifies me about internal server errors. If you do not intend to change this, I can configure Airbrake to conceal this error, of course.</p>
</blockquote>
<p>No, I simply need a good reason, you just gave me one.<br />I set it as a FR since it's not exactly a defect to me (it's working as expected), fixer is free to switch it back to Defect.</p> Redmine - Feature #12898: Handle GET /issues/context_menu parameters nicely to prevent returning error 500 to crawlershttps://www.redmine.org/issues/12898?journal_id=447152013-01-20T10:56:37ZBjörn Peemöller
<ul></ul><p>Thanks, that sounds good.</p> Redmine - Feature #12898: Handle GET /issues/context_menu parameters nicely to prevent returning error 500 to crawlershttps://www.redmine.org/issues/12898?journal_id=447352013-01-20T16:04:47ZJean-Philippe Langjp_lang@yahoo.fr
<ul><li><strong>Status</strong> changed from <i>Reopened</i> to <i>Closed</i></li><li><strong>Assignee</strong> set to <i>Jean-Philippe Lang</i></li><li><strong>Target version</strong> changed from <i>Candidate for next major release</i> to <i>2.3.0</i></li><li><strong>Resolution</strong> set to <i>Fixed</i></li></ul><p>Fixed in <a class="changeset" title="Respond with 404 when params[:ids] is missing (#12898)." href="https://www.redmine.org/projects/redmine/repository/svn/revisions/11226">r11226</a>. You get a 404 response now.</p>