Custom error message in error response

[AdiSegev]

Hi,

I've start using your library and it's very easy to use one.
I wanted to add handshake reject mechanism, so I've looked at your ServerRejectHandshakeExample.
There I can see the way I can reject the request.
But I've noticed that the message I write in the InvalidDataException constructor is not visible to the client.
When I've looked on your source code it I saw you're ignoring it while you're passing only status code of 404/500 to generateHttpResponseDueToError I'd suggest you to either let the developers a way to override generateHttpResponseDueToError method, or change it to something like this:

  private ByteBuffer generateHttpResponseDueToError(Exception exception) {
        String errorCodeDescription = "UnExpectedException";
        String errorDescriptionTitle;

        if (exception.getMessage() != null) {
            errorCodeDescription = exception.getMessage();
        }
        
        if (exception instanceof InvalidDataException) {
            errorDescriptionTitle = "404 "+errorCodeDescription;
        } else {
            errorDescriptionTitle = "500 "+errorCodeDescription;
        }
        return ByteBuffer.wrap(Charsetfunctions.asciiBytes("HTTP/1.1 " + errorDescriptionTitle + "\r\nContent-Type: text/html\nISR Java-WebSocket\r\nContent-Length: " + (48 + errorCodeDescription.length()) + "\r\n\r\n<html><head></head><body><h1>" + errorCodeDescription + "</h1></body></html>"));
    }

[marci4]

Hey,

could you please describe your use case?

Thx a lot.
Best regards,
Marcel

[AdiSegev]

Thanks for your response. I've added a simple check in my server to see if the client has sent some header. When the client hasn't sent it I've rejected the handshake with custom error message in InvalidDataException. I thought I'll see it iin the client side, so the client can understand what's wrong with his request but I only so your general error message. I think it'll be better to pass the original error message to the client. בתאריך יום ה׳, 6 בפבר׳ 2020, 14:50, מאת Marcel Prestel ‏< [email protected]>:

…

Hey, could you please describe your use case? Thx a lot. Best regards, Marcel — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#977?email_source=notifications&email_token=AAVD7HFMXPBL4KROF4EMIMDRBQBP5A5CNFSM4KQW4NTKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEK7DODY#issuecomment-582891279>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAVD7HGQW23CGT6EWOVKX2DRBQBP5ANCNFSM4KQW4NTA> .

[marci4]

To be honest, I would only say that this is a debugging feature, but not required for normal use.
Am I wrong?

[AdiSegev]

Hi, I think it's also required for real applications. If my web application suppose to serve many clients, and there's some authentication requirements, I have to be able to let them know what went wrong if I refuses the connection. I'm just starting work with WebSockets, but I'm pretty sure there's a lot of cases where this feature would be helpful. ‫בתאריך יום ה׳, 6 בפבר׳ 2020 ב-21:09 מאת ‪Marcel Prestel‬‏ <‪ [email protected]‬‏>:‬

…

To be honest, I would only say that this is a debugging feature, but not required for normal use. Am I wrong? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#977?email_source=notifications&email_token=AAVD7HGG6DBM4Y56EK5IIBTRBROAFA5CNFSM4KQW4NTKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELANGRQ#issuecomment-583062342>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAVD7HGP526I7SI7BWRZTL3RBROAFANCNFSM4KQW4NTA> .

[marci4]

Would it not be better to use the normal http status codes for this?

Best regards,
Marcel

[AdiSegev]

I agree about the status code. My suggestion is just to change the text in the error message sent to the client in the response content. I think it'll be more useful to send the exact reason for the error/reject. And again, you already have that info at the InvalidDataException object. בתאריך יום ו׳, 7 בפבר׳ 2020, 15:06, מאת Marcel Prestel ‏< [email protected]>:

…

Would it not be better to use the normal http status codes for this? Best regards, Marcel — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#977?email_source=notifications&email_token=AAVD7HFVZW43F3TUKTDSIOLRBVMFXA5CNFSM4KQW4NTKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELC3DHQ#issuecomment-583381406>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAVD7HFSGO2LHXFHX2XFAUTRBVMFXANCNFSM4KQW4NTA> .

[jmluy]

A possible use case is for authorization, when a server expects a different code like 401.

[gvtelio]

Yes, possible use case is 401. Even if you try to send 401, the library just always sends 404.