Opened 7 years ago

Closed 6 years ago

#6127 closed defect (fixed)

bridges.tpo runs in development mode

Reported by: weasel Owned by: isis
Priority: Medium Milestone:
Component: Circumvention/BridgeDB Version:
Severity: Keywords: bridgedb-https
Cc: isis@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

the service at https://bridges.torproject.org/ runs in development mode, meaning it dumps the callstack, including all local variables, to the user whenever it backtraces.

That's probably not a good idea.

Child Tickets

Attachments (1)

bridges-test.tpo-render_GET-traceback-0.jpg (183.6 KB) - added by isis 6 years ago.

Download all attachments as: .zip

Change History (8)

comment:1 Changed 6 years ago by isis

Cc: isis@… added
Status: newneeds_revision

My branch in #9199 rewrites the config and log facities, which allows for disabling/enabling tracebacks and changing logging verbosity while running, and also does away with all the duplicated code in Main.CONFIG which was used when BridgeDB was run with the "-t" testing flag. You should be able to run it normally, without -t, now, and also disable stacktraces...though I should perhaps put in a TRACEBACK setting to make it configurable.

comment:2 Changed 6 years ago by isis

Keywords: bridgedb-https added
Owner: set to isis
Status: needs_revisionaccepted

The changes in my last comment fix persistent changing of log levels. I misunderstood this ticket until I hit one of the tracebacks served by bridges.torproject.org.

This is fixed in my fix/6127-web-server-tracebacks branch.

comment:3 Changed 6 years ago by isis

Status: acceptedneeds_review

comment:4 Changed 6 years ago by isis

Status: needs_reviewneeds_revision

There appears to be more tracebacks. I just created a staging instance for BridgeDB on ponticum, and after the staging server started up, visiting the web interface I got this:


Last edited 6 years ago by isis (previous) (diff)

comment:5 Changed 6 years ago by isis

Status: needs_revisionneeds_review

Alright. The patches to catch the above traceback are in my branch fix/6127-render_GET-traceback.

comment:6 Changed 6 years ago by isis

And I ended up implementing a general "only log templating errors and if all else fails display a simple HTML 'Sorry! Something went wrong!' page" in this branch: fix/6127-simple-error-page.

comment:7 Changed 6 years ago by isis

Resolution: fixed
Status: needs_reviewclosed

The simple error page from the last comment is added in 0.1.1, everything else is added to 0.1.0.

Note: See TracTickets for help on using tickets.