cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Incorrect documentation regarding "Error Sanitization"?

gregorw
SAP Mentor
SAP Mentor

on ‎2023 Feb 07 7:18 AM

0 Kudos
1,689

Hello CAP Community,

the documentation on req.error, notify, info, warn (code?, msg, target?, args?) has a section Error Sanitization. There there behaviour of CAP in a production environment ( NODE_ENV=production ) is described. The documentation contains this sentence:

"Errors defined by app developers are not sanitized and returned to the client unchanged."

I've tested the behaviour in my sample project bookshop-demo. When I use (srv/admin-service.js#L689😞

req.error

and I run in production, I see the following behaviour:

I select the Order No. 9:

and click "Check Consistency V4". The Pop-Up is:

When I test Order No. 7. where the implementation uses req.info but sets numericSeverity = 4 I see this behavour:

I think the statement "Errors defined by app developers are not sanitized and returned to the client unchanged." isn't correct or?

Best Regards
Gregor

cc: rene.jeglinsky

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
Ren
Product and Topic Expert
Product and Topic Expert
‎2023 Feb 07 4:16 PM

Hi Gregor,

thanks for reporting this. We'll get back to you soon.

All the best,

René

gregorw
SAP Mentor
SAP Mentor
‎2023 Mar 07 10:00 PM

Hi rene.jeglinsky,

do you have any update on this topic?

Best Regards
Gregor

Accepted Solutions (0)

Answers (2)

Answers (2)

Ren
Product and Topic Expert
Product and Topic Expert
‎2024 Apr 25 12:14 PM
0 Kudos

Hi @gregorw ,

I'm sorry if I missed it, but have you added the status to your error message? This is required and the docs are not very specific about that. If this is the issue, we'll surely fix it!

Regards,
René

Show replies
Show replies
nicorunge
Participant
‎2024 Apr 25 1:41 PM
0 Kudos

Hi @Ren,

I still cannot bring these two sentences together.

"Hence, we sanitize all server-side errors thrown by the CAP framework. That is, all errors with a 5xx status code"

"Errors defined by app developers aren't sanitized and returned to the client unchanged."

Does this mean, it's not sanitized when setting any status, or only for status 4xx?

Thanks,
Nico

Ren
Product and Topic Expert
Product and Topic Expert
‎2024 Apr 26 8:02 AM
Well, let me check and get back to you.
gregorw
SAP Mentor
SAP Mentor
‎2024 Dec 02 3:22 PM
0 Kudos

Hi @Ren ,

any updates on this topic?

Best regards,
Gregor

CatalinChiuaru
Explorer
‎2024 Apr 05 4:52 AM
0 Kudos

Hello Gregor,

I have the same issue as you had in the past - locally the error message is shown properly on the SAP Fiori app, but in production (on BTP) the generic internal server error appears.

Was it possible to solve it in your case and if yes, could you please provide some small instructions on how you fixed it?

Thank you very much,

Cata

Show replies
Show replies
nicorunge
Participant
‎2024 Apr 23 12:41 PM
0 Kudos
It seems that this problem still exists.
Ask a Question