[Catalyst] Chained and exceptions

Bill Moseley moseley at hank.org
Fri May 10 15:10:14 GMT 2013

On Fri, May 10, 2013 at 1:29 AM, Tomas Doran <bobtfish at bobtfish.net> wrote:

> You're after this:
> https://metacpan.org/module/Catalyst::ActionRole::DetachOnDie
> which gives you the alternate behaviour (i.e. detaching from the chain on
> first exception).

We have a number of applications, a few quite large, where some controllers
inherit from different base classes.   We could try and retro fit all
existing code, but it would be a good-sized project.  So the monkey patch
we did (as well as Dami Laurent had done in
is better for us.

I'm pretty sure this issue is not well known amongst our current (and
future) developers and thus it's quite likely someone would forget this in
a new Controller.

We all understand that an uncaught exception should not bring down the
server and instead generate a 500, but I think few would assume that when
using Chained an exception would not stop the request dead in its tracks
and instead is implicitly trapped and allowed to continue.

I think the more likely situation now is code running when it is not
expected -- which could be a serious security issue if the earlier action
in a chain is used for access control.

What would the developers think of deprecating this behavior (for the few
that might actually be relying on this) and issue a warning if a config
option is not set that fixes the issue?

-- =

Bill Moseley
moseley at hank.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20130510/4b0fd=

More information about the Catalyst mailing list