OpenIG gives too much information to the client that issued the original request. In case of an error, OpenIG has to be succinct about the error and tries not to publish any "confidential" information. This kind of information should only be published onto the loggers for troubleshooting by the administrator.
As an example, with OpenIG acting as a simple proxy, here is the response we get :
==> OpenIG should not publish the target host into the response. The response's content might be something like "Bad Gateway" but in the log files we should have a trace of that event with much as possible.
Another example is when you use a Groovy script : in the response, we get the compilation error message : we should get a 500 error page with the following message : "An unexpected error happend. Please contact your system administrator." All the compilation error messages have to be in the log files.
To ease the troubleshooting, we might provide a request Id (the context id ? ) in the response as well in the log files.
|Provide less details from Groovy scripts||Closed|