access to /exceptions/actions available for request
Reported by Adam French | February 9th, 2008 @ 05:55 AM | in 0.9
When working with merb's most spiff-tacular ControllerExceptions and exception handling, I noticed that you could make a request like:
http://localhost:4000/exceptions...
Though I wouldn't call this a bug, it's certainly an interesting by-product of merb's exception handling.
It's actually pretty handy when you need to dress up a 404 or 401 page, or make sure your 500 errors are getting mailed to you or something.
Perhaps routing the request is ok in any environment other than production?
What do y'all think?
Comments and changes to this ticket
-
Michael D. Ivey (ivey) February 9th, 2008 @ 09:04 AM
- → State changed from new to open
The only real risk I can see offhand is that it's a good "Are they running Merb?" marker.
What am I missing?
-
Yehuda Katz (wycats) February 26th, 2008 @ 06:51 AM
- → Assigned user changed from to Michael D. Ivey (ivey)
Another risk could be if you do something special in that URL, like send an exception email out, and someone uses it to DOS your box.
-
Yehuda Katz (wycats) February 26th, 2008 @ 06:52 AM
- → Milestone changed from to 0.9
-
Yehuda Katz (wycats) February 29th, 2008 @ 12:45 AM
- → State changed from open to hold
-
Michael D. Ivey (ivey) June 12th, 2008 @ 12:11 AM
I assume this is only a problem if you have default routes turned on?
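
A defender-side check for the two risks raised in this thread (fingerprinting probes, and repeated hits on an exception action that does work such as sending mail), as an added example that is not part of the ticket or of Merb's code: it scans access-log lines for direct requests under /exceptions and flags clients that reach a per-minute threshold. The log format, sample lines, the action name `example_action` and the threshold are constructed assumptions; it also assumes normally raised errors are logged under the originally requested URL, so /exceptions in a request path means a direct request.

```ruby
require "time"

# Assumed Common Log Format; adjust the pattern to your front end's format.
LOG_LINE = %r{\A(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<verb>[A-Z]+) (?<path>\S+) [^"]*" (?<status>\d{3})}

# /exceptions, /exceptions/<action>, /exceptions.<format>, /exceptions?<query>.
# Case-insensitive to be conservative; does not match e.g. /exceptions_report.
EXCEPTIONS_PATH = %r{\A/exceptions(?:/|\.|\?|\z)}i

# Returns { ip => { hits:, burst: } } for clients that requested the
# exceptions controller directly. burst is true when any single minute
# holds at least burst_threshold such requests.
def exceptions_probes(lines, burst_threshold: 3)
  per_client = Hash.new { |h, ip| h[ip] = Hash.new(0) }
  lines.each do |line|
    m = LOG_LINE.match(line)
    next unless m && EXCEPTIONS_PATH.match?(m[:path])
    minute = Time.strptime(m[:ts], "%d/%b/%Y:%H:%M:%S %z").utc.strftime("%Y-%m-%dT%H:%M")
    per_client[m[:ip]][minute] += 1
  end
  per_client.to_h do |ip, minutes|
    [ip, { hits: minutes.values.sum, burst: minutes.values.max >= burst_threshold }]
  end
end

# Constructed sample log (documentation-range addresses, made-up paths).
SAMPLE_LOG = <<~LOG.lines(chomp: true)
  192.0.2.10 - - [09/Feb/2008:05:55:01 +0000] "GET /posts/1 HTTP/1.1" 200 512
  192.0.2.10 - - [09/Feb/2008:05:55:02 +0000] "GET /exceptions/example_action HTTP/1.1" 200 230
  198.51.100.7 - - [09/Feb/2008:05:56:01 +0000] "GET /exceptions/example_action HTTP/1.1" 200 230
  198.51.100.7 - - [09/Feb/2008:05:56:02 +0000] "GET /exceptions/example_action HTTP/1.1" 200 230
  198.51.100.7 - - [09/Feb/2008:05:56:03 +0000] "GET /Exceptions/example_action HTTP/1.1" 200 230
  198.51.100.7 - - [09/Feb/2008:05:57:10 +0000] "GET /exceptions_report HTTP/1.1" 404 120
LOG

if __FILE__ == $PROGRAM_NAME
  exceptions_probes(SAMPLE_LOG).each do |ip, info|
    label = info[:burst] ? "burst (possible abuse of an expensive action)" : "probe"
    puts "#{ip}: #{info[:hits]} direct /exceptions request(s), #{label}"
  end
end
```

A single hit is consistent with the "Are they running Merb?" probe; a burst matters most when the exception action sends mail or does other costly work.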
