mirror of
https://github.com/zulip/zulip.git
synced 2025-11-20 14:38:46 +00:00
As detailed in the comments, the default behavior is undesirable for us because we can't really predict all possibilities of exceptions that may be raised - and thus putting str(e) in the HTTP response is potentially insecure as it may leak some unexpected sensitive information that was in the exception. As a hypothetical example - KeyError resulting from some buggy some_dict[secret_string] call would leak information. Though of course we aim to never write code like that.
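The leak described in the commit message, shown as an added example that is not code from the Zulip repository: one error renderer echoes `str(e)` to the client, the other returns fixed text and keeps the detail in the server log. All function names, the JSON shape, and the secret value are constructed for illustration.

```python
import json
import logging
import uuid

logger = logging.getLogger("example.errors")  # hypothetical logger name

SAMPLE_SECRET = "constructed-secret-token-123"  # constructed sample value


def lookup(some_dict, secret_string):
    # The buggy call from the commit message's hypothetical: a secret used as a key.
    return some_dict[secret_string]


def leaky_error_body(exc):
    # Default-style behaviour: exception text is copied into the response body.
    return json.dumps({"status": 500, "detail": str(exc)})


def safe_error_body(exc):
    # Hardened behaviour: the client gets fixed text plus an opaque id.
    # The traceback goes only to the server log, which still holds the
    # secret and therefore needs its own access controls.
    error_id = uuid.uuid4().hex
    logger.error("unhandled exception, error_id=%s", error_id, exc_info=exc)
    return json.dumps(
        {"status": 500, "detail": "Internal server error", "error_id": error_id}
    )


def handle(render_error, secret_string):
    # Minimal request handler: any exception is turned into a response body
    # by the supplied renderer.
    try:
        lookup({}, secret_string)
    except Exception as exc:  # we cannot predict every exception type
        return render_error(exc)
    return json.dumps({"status": 200})


if __name__ == "__main__":
    print("leaky:", handle(leaky_error_body, SAMPLE_SECRET))
    print("safe: ", handle(safe_error_body, SAMPLE_SECRET))
```

The `error_id` lets an operator match a user's report to the logged traceback without the response carrying any exception text.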
29 KiB