Project

General

Profile

Feature #90134

Updated by Christian Eßl about 4 years ago

See issue #87917. 
 If a bot submits a faulty extbase form (like with a manipulated __trustedProperties field), usually the following uncaught exception will be thrown: 

 <pre><code class="php"> 
 The given string was not appended with a valid HMAC 
 </code></pre> 


 The server will then - as with any other exception - send a status 500 back, that makes it look as if an a server error occured. This also means the error will then be automatically logged with any logging tool you are using and you would have to either manually: 
 - block the bots that are using the form wrong 
 - create a rule in your logging tool to prevent those messages from flooding your logs.  

 I think it would be better to just send a status code *"400 "*400 - BAD REQUEST"* REQUEST*" in this case. As this actually comes from a bad client request the server can't compute.

Back