
How to prevent Internal Server Error Stack Trace from being sent with the HTTP Response

Environment

Product: Progress® Telerik® Reporting

Description

Exposing Internal Server Error stack traces in the HTTP responses of API calls to the REST service is, in some cases, considered a security issue.

By default, when a Web API controller throws an uncaught exception, the stack trace is translated into an HTTP response with status code 500, Internal Server Error (see Exception Handling in ASP.NET Web API). Therefore, the stack trace of any server-side error is passed with the response. We have left the default exception-related behavior of our ReportsController in place for debugging purposes.

Solution

If necessary, the exceptions can be removed from the response. For example, you may customize the way the Web API handles exceptions by creating an exception filter and applying it to the ReportsController.
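
One way to write the exception filter described above, as an added example that is not Telerik's own code. The filter name SanitizeErrorResponseAttribute, the log format and the response message are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.Net;
using System.Net.Http;
using System.Web.Http.Filters;

// Hypothetical filter (the name is an assumption, not a Telerik Reporting type).
// Apply it by decorating the controller class that derives from
// ReportsControllerBase with [SanitizeErrorResponse].
public sealed class SanitizeErrorResponseAttribute : ExceptionFilterAttribute
{
    public override void OnException(HttpActionExecutedContext context)
    {
        // Correlation id: lets an operator match a client-reported failure
        // to the full server-side log entry without exposing any detail.
        string errorId = Guid.NewGuid().ToString("N");

        // The exception, including its stack trace, is written to the
        // server-side trace output only.
        Trace.TraceError(
            "ReportsController error {0} on {1} {2}: {3}",
            errorId,
            context.Request.Method,
            context.Request.RequestUri,
            context.Exception);

        // Replace the default 500 response. The body carries a fixed message
        // and the correlation id, never the exception type, message or stack.
        context.Response = context.Request.CreateErrorResponse(
            HttpStatusCode.InternalServerError,
            "An internal error occurred. Reference: " + errorId);
    }
}
```

Web API does not pass HttpResponseException to exception filters, so responses produced that way are not altered by this filter.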

Alternatively, you may override the public methods of the ReportsController and catch and handle the exceptions there (see ReportsControllerBase Methods). For example, the implementation of the RegisterClient method may look like:

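// Requires: using System.Net; using System.Net.Http;
public override HttpResponseMessage RegisterClient()
{
    try
    {
        return base.RegisterClient();
    }
    catch (System.Exception)
    {
        // Discard the exception so its details never reach the response body
        return new HttpResponseMessage(HttpStatusCode.NotImplemented);
    }
}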