Is there a config or system parameter in odoo to prevent showing traceback popup to user with filenames and lines. If not, is it not a security issue?
Note: Using Odoo 10
Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:
- CRM
- e-Commerce
- Kirjanpito
- Varastointi
- PoS
- Projekti
- MRP
Tämä kysymys on merkitty
4
Vastaukset
20316
Näkymät
Hi,
Add a override odoo.http's _handle_exception like below
def _handle_exception(self, exception):
"""Called within an except block to allow converting exceptions
to arbitrary responses. Anything returned (except None) will
be used as response."""
try:
return super(JsonRequest, self)._handle_exception(exception)
except Exception:
if not isinstance(exception, SessionExpiredException):
if exception.args and exception.args[0] == "bus.Bus not available in test mode":
_logger.info(exception)
elif isinstance(exception, (odoo.exceptions.Warning, odoo.exceptions.except_orm,
werkzeug.exceptions.NotFound)):
_logger.warning(exception)
else:
_logger.exception("Exception during JSON request handling.")
error = {
'code': 200,
'message': "Odoo Server Error",
'data': serialize_exception(exception),
}
if isinstance(exception, werkzeug.exceptions.NotFound):
error['http_status'] = 404
error['code'] = 404
error['message'] = "404: Not Found"
if isinstance(exception, AuthenticationError):
error['code'] = 100
error['message'] = "Odoo Session Invalid"
if isinstance(exception, SessionExpiredException):
error['code'] = 100
error['message'] = "Odoo Session Expired"
_logger.exception(self._json_response(error=error))
pass
Regards
On our custom models we can catch the errors, but on odoo's built in modules this is not applicable. so either we can make a script to catch all errors from odoo models.
Nautitko keskustelusta? Älä vain lue, vaan osallistu!
Luo tili jo tänään nauttiaksesi yksinoikeusominaisuuksista ja osallistuaksesi mahtavaan yhteisöömme!
Rekisteröidy| Aiheeseen liittyviä artikkeleita | Vastaukset | Näkymät | Toimenpide | |
|---|---|---|---|---|
|
1
huhtik. 23
|
5775 | ||
|
1
elok. 22
|
14743 | ||
|
4
elok. 22
|
16244 | ||
|
4
jouluk. 24
|
48630 | ||
|
0
lokak. 18
|
4853 |
have a look at handle_exception function in ir_http.py that might give you idea... even sending it as email or logging it to external services too.
Use sys.tracebacklimit = 0
This way you sets python to show only the exception type.
From python documentation:
sys.tracebacklimit¶
When this variable is set to an integer value, it determines the maximum number of levels of traceback information printed when an unhandled exception occurs. The default is 1000. When set to 0 or less, all traceback information is suppressed and only the exception type and value are printed.