Hello everybody, I’m facing with the bug JRASERVER-38101 and, in particular, i’m facing with two different test then output the jira stacktrace to the user. As depicted in the issue above, the stacktrace can be found even in the GUI that in the F12 tools.
As suggested (but not supported by Atlassian), I have modified error500.soy commenting this part:
/*
{if $stacktrace}
<blockquote id="stacktrace" style="overflow-x: auto;"><pre>{$stacktrace}</pre></blockquote>
{else}
<p>{$servletErrorMessage}</p>
{/if}
*/
That is hiding the tomcat stacktrace only in the GUI, but not in the F12 tools.
The problem I would solve is:
- Use Firefox (last version 59.0.2, it doesn’t matter the version, FF is important for the developer tools )
- Log into Jira and go to Customer portal
- Go to Profile (/servicedesk/customer/user/profile)
- click Edit
- click Change avatar
- click Select Image and choose an image
- click Done
- Type “F12” (for the developer tool window to open)
- go to the “Network” tab and activate “Preserve log”
- click Save on the page
- right click on the PUT request “user” and on “edit/modify and resend”
- on the detail frame section (on the right), edit the avatar parameter from “data:image/png…etc” to “data:image/pnggg…etc” and then click “send” on the top right
- you can see the PUT request "user again but now you get a 500 error
- click on this request
- on the detail frame section (on the right), click on “Response” tab
- you can see the tomcat stacktrace
For this very particular case, I’m not able to modify the error500.soy.
Is anybody has an idea ?
Thank you in advace
Hi all, as our Security Team is pushing us for the problem to be solved, is there someone who can help us to find a way to solve the issue described above?
Many thanks,
Michele
This is super old but I’ve found a way to remove all of the “Request assistance” dropdown from the error500.soy file, which removes the stack trace from the GUI and header info or F12 stuff. Basically you edit the HTML portion to not show the div block for it, and remove the soy references at the top for that block.
Remove these lines at the top:
-
@param helpsteps List of steps for solving this problem
-
@param errorId Log’s referral number
-
@param fullInfo Decides which version of technical details presentation should be used (boolean)
-
@param technicalDetails Map with technical details displayed to the user
Remove from the
block just below this, down to the end of the second div block, basically all this gets removed:
<h2 class="technical-details-header">
<span>{getText('500.request.assistance')}</span>
</h2>
<div id="technical-details-content" class="technical-details js-hidden">
{if length($helpsteps) > 1}
<ol>
{foreach $line in $helpsteps}
<li>{$line|noAutoescape}</li>
{/foreach}
</ol>
{else}
{foreach $line in $helpsteps}
<p>{$line|noAutoescape}</p>
{/foreach}
{/if}
<div class="technical-details-content" contentEditable readonly>
<h2>{getText('500.technical.details')}</h2>
{if $errorId}
<p class="referral">{getText('500.logs.referral.number')} <strong id="log-referral-id">{$errorId}</strong></p>
{/if}
{if $fullInfo}
{call .fullMessage data="$technicalDetails" /}
{else}
{call .simpleMessage data="$technicalDetails" /}
{/if}
</div>
</div>
This preserves the page look and feel but removes the stuff we don’t want to show. Error logs still show the full error messages of course.