C
C#10mo ago
Philémon

✅ My API returns 500 internal server error with the SQL exception text, why?

Hello every one, I built an ASP.NET API in .NET and I wrote a controller Action that looks like this :
[HttpPost]
public async Task<ActionResult<RecipeIngredientDto>> Post(RecipeIngredientRequest recipeIngredientRequest)
{
try
{
RecipeIngredient recipeIngredient = recipeIngredientRequest.MapToRecipeIngredient();

await _recipeIngredientRepository.Create(recipeIngredient);

RecipeIngredientDto dto = recipeIngredient.MapToDto();
return Ok(dto);
// TODO: Return CreatedAtAction when Get action is made
}
catch (ArgumentOutOfRangeException ex)
{
return BadRequest(ex.Message);
}
catch (ArgumentException ex)
{
return BadRequest(ex.Message);
}
}
[HttpPost]
public async Task<ActionResult<RecipeIngredientDto>> Post(RecipeIngredientRequest recipeIngredientRequest)
{
try
{
RecipeIngredient recipeIngredient = recipeIngredientRequest.MapToRecipeIngredient();

await _recipeIngredientRepository.Create(recipeIngredient);

RecipeIngredientDto dto = recipeIngredient.MapToDto();
return Ok(dto);
// TODO: Return CreatedAtAction when Get action is made
}
catch (ArgumentOutOfRangeException ex)
{
return BadRequest(ex.Message);
}
catch (ArgumentException ex)
{
return BadRequest(ex.Message);
}
}
So, as you can see, I return as a response to the HTTP caller either an "Ok" response, or a "BadRequest" response. If I try a request that is not supposed to work yet, using Postman, the server can't handle my request... so, that is completely correct. But what I don't understand is that my API returns a 500 internal server error response with the whole SQL Exception text as a response to my postman client. I think it is a bad idea to show the whole SQL Exception text message to the client. I could understand why. But why does my API even give this 500 response? I never wrote a 500 response in my controller action. What am I supposed to do to "hide" the Exception text messages? Do I need to write a custom text and return a 500 response manually with this text for every action of every controller, like in a more generic catch (Exception ex) ? What could be considered as best practice in this case? Thank you for reading this, and many thanks for any reply! 😁
4 Replies
Plerx
Plerx10mo ago
I assume you run it with development as the environment. Most boilerplates add the dev exceptions middleware
Philémon
PhilémonOP10mo ago
Yes I run it in development! The only middleware related to dev env that I see is this :
if (app.Environment.IsDevelopment())
{
app.UseSwagger();
app.UseSwaggerUI();
}
if (app.Environment.IsDevelopment())
{
app.UseSwagger();
app.UseSwaggerUI();
}
Is this the middleware that add the dev exceptions? In any case, I guess I should not be bothered by these dev exceptions if it only appears in a dev environment?
gwon8266
gwon826610mo ago
You can write a custom middleware to catch the 500 error then you can return it in whatever style you like and also when you run it in production mode. You should just see, "Internal Server Error" and not the mumbo jumbo
Philémon
PhilémonOP10mo ago
Ok, thank you very much! I will try to make my own middleware, I never made one, it is a good idea to try it myself
Want results from more Discord servers?
Add your server