| Graham Dumpleton (JIRA) 2006-04-24, 8:02 am |
| If PythonDebug is On and error occurs, status is 200 when it should really be 500.
----------------------------------------------------------------------------------
Key: MODPYTHON-167
URL: http://issues.apache.org/jira/browse/MODPYTHON-167
Project: mod_python
Type: Bug
Components: core
Versions: 3.1.4, 3.2.8
Reporter: Graham Dumpleton
Assigned to: Graham Dumpleton
If PythonDebug is Off and an uncaught exception occurs in Python, the details of that exception will be logged in the Apache error log file. At the same time a 500 (HTTP_INTERNAL_SERVER_ERROR) response is returned to the client with whatever the configure
d default 500 error response message is for Apache.
If PythonDebug is On, the details are still logged to the error log, but the details of the exception will also be formatted and returned in the response to the client. In returning this response though, the HTTP status code is being returned as 200 (HTTP
_OK) rather than the more correct 500 (HTTP_INTERNAL_SERVER_ERROR).
By wrongly returning 200 rather than 500, one could theoretically run up against problems like the response being cached, or if client was a non interactive application, it may think it was an entirely valid response and not flag in some way that it was a
ctually an error.
The change to fix this in the code are as details in following patch. Note that returning 500 will still result in the message being displayed in a web browser, so for its intended purpose of displaying a traceback to a client, it will still work as requi
red.
Index: lib/python/mod_python/apache.py
========================================
===========================
--- lib/python/mod_python/apache.py (revision 396453)
+++ lib/python/mod_python/apache.py (working copy)
@@ -533,6 +533,7 @@
return HTTP_INTERNAL_SERVER_ERROR
else:
# write to client
+ req.status = HTTP_INTERNAL_SERVER_ERROR
req.content_type = 'text/html'
s = '\n<pre>\nMod_python error: "%s %s"\n\n' % (phase, hname)
|