我们有一个 C# AJAX 服务器来处理数据库请求,我们希望在异常时返回 400/403/500 状态代码,以便我们可以了解客户端发生了什么。然而,我们得到的只是响应正文中的“错误请求”。
例如,如果 ADO.Net 驱动程序返回以下消息:
传递给 LEFT 或 SUBSTRING 函数的长度参数无效。
无法将 NULL 值插入表的列“--COLUMN--”
'--数据库.架构.表--';列不允许为空。插入
失败。该声明已终止。
然后我们的 AJAX 服务器简单地返回以下文本:
错误的请求
我查看了 Chrome 中的完整响应标头,其中没有任何内容与此错误消息类似。这是我们用来发回错误的代码:
catch (Exception ex)
{
//Response.TrySkipIisCustomErrors = true;
Response.StatusCode = (int)HttpStatusCode.SC_BAD_REQUEST;
Response.Write(ex.Message);
Response.Flush();
}
在与此服务器等效的 Java/JSP 中,我们使用以下代码获得正确的行为:
} catch (Exception e) {
response.sendError(response.SC_BAD_REQUEST, e.getClass() + " : " + e.getMessage());
}
We have a C# AJAX server that handles database requests we want to return a 400/403/500 status code on an exception so that we can understand what went on at the client side. However, all we get back is "Bad Request" in the response body.
For example, if the ADO.Net driver returns this message:
Invalid length parameter passed to the LEFT or SUBSTRING function.
Cannot insert the value NULL into column '--COLUMN--', table
'--DATABASE.SCHEMA.TABLE--'; column does not allow nulls. INSERT
fails. The statement has been terminated.
Then our AJAX Server simply returns this text:
Bad Request
I have looked at the full response headers in Chrome and there is nothing even remotely resembling this error message in there. This is the code we're using to send the error back:
catch (Exception ex)
{
//Response.TrySkipIisCustomErrors = true;
Response.StatusCode = (int)HttpStatusCode.SC_BAD_REQUEST;
Response.Write(ex.Message);
Response.Flush();
}
In the Java/JSP equivalent to this server we are getting the correct behavior with this code:
} catch (Exception e) {
response.sendError(response.SC_BAD_REQUEST, e.getClass() + " : " + e.getMessage());
}
发布评论
评论(2)
有一些事情可能会出错,但我敢打赌,您正在 IIS7 上运行,并且它的默认设置会导致它重写错误。尝试使用 TrySkipIisCustomErrors 属性和
属性href="http://msdn.microsoft.com/en-us/library/ms690497%28v=vs.90%29.aspx" rel="nofollow">httpErrors 配置设置。There's a few things that could be going wrong, but I'd be prepared to bet that you're running on IIS7 and its defaults are causing it to rewrite the error. Try the TrySkipIisCustomErrors property and the
existingResponseattribute on the httpErrors configuration setting.服务器将错误消息封装到错误请求中,以防止安全详细信息到达客户端。您可以通过将 customErrors 设置为关闭来修改此行为,例如
The server is encapsulating the error message into a bad request to prevent secure details from reaching the client. You can modify this behavior by setting the customErrors to off, e.g.