Feature #90134
Updated by Christian Eßl over 4 years ago
See issue #87917. If a bot submits a faulty extbase form (like with a manipulated __trustedProperties field), usually the following uncaught exception will be thrown: <pre><code class="php"> The given string was not appended with a valid HMAC </code></pre> The server will then - as with any other exception - send a status 500 back, that makes it look as if an a server error occured. This also means the error will then be automatically logged with any logging tool you are using and you would have to either manually: - block the bots that are using the form wrong - create a rule in your logging tool to prevent those messages from flooding your logs. I think it would be better to just send a status code *"400 "*400 - BAD REQUEST"* REQUEST*" in this case. As this actually comes from a bad client request the server can't compute.