BUG #4304
open [SQA] API /api/shared/{fieldId}: 404 response exposes internal routing details
Start date: 03/09/2026
Due date:
% Done: 0%
Estimated time:
Description
Module/Section: API → /api/shared/{fieldId}
Profile: API
Issue Category: Functional
When a non-existent fieldId is provided, the API correctly returns a 404 Not Found, which is expected behavior.
However, the error message inadvertently exposes internal routing details:
Cannot POST /api/shared/8ed6c643-d4cb-486c-a446-08b180c093f6
This could pose a potential security risk.
Steps to Reproduce
- Send a POST request to /api/shared/{fieldId} using a non-existent fieldId.
- Observe the error message returned in the response.
Expected Result
The API should return a 404 Not Found without exposing internal routing details or backend paths.
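One way to meet this expected result, as an added example that is not the project's code: a terminal 404 handler with the Node-style `(req, res)` signature that returns a fixed body and keeps the method and path in the server log only, plus a check that flags a body echoing the route. The ticket does not name the framework; `makeNotFoundHandler`, `leaksRoute`, `fakeResponse`, `newRequestId` and the sample fieldId are hypothetical names and constructed values.

```javascript
// Added example: terminal 404 handler with a fixed response body.
// All names and the sample request are hypothetical / constructed.

// Correlation id for matching a client report to a log line (not a secret).
function newRequestId() {
  return Date.now().toString(36) + '-' + Math.random().toString(36).slice(2, 10);
}

// Returns a (req, res) handler to run after every real route has been tried.
// `log` is an assumed server-side sink; method and URL go there only.
function makeNotFoundHandler(log = console.warn) {
  return function notFound(req, res) {
    const requestId = newRequestId();
    log(JSON.stringify({ event: 'route_not_found', requestId, method: req.method, url: req.url }));
    const body = JSON.stringify({ error: 'Not Found', requestId });
    res.statusCode = 404;
    res.setHeader('Content-Type', 'application/json; charset=utf-8');
    res.setHeader('Content-Length', Buffer.byteLength(body));
    res.end(body);
  };
}

// Regression check: true if a body echoes the request path or the
// "Cannot <METHOD> /..." pattern quoted in this ticket.
function leaksRoute(body, req) {
  const path = req.url.split('?')[0];
  return body.includes(path) || /Cannot\s+[A-Z]+\s+\//.test(body);
}

// Minimal stand-in for http.ServerResponse so the example runs offline.
function fakeResponse() {
  return {
    statusCode: 200, headers: {}, body: '',
    setHeader(name, value) { this.headers[name.toLowerCase()] = String(value); },
    end(chunk) { this.body = chunk || ''; },
  };
}

function demo() {
  const logged = [];
  const req = { method: 'POST', url: '/api/shared/00000000-0000-4000-8000-000000000000' }; // constructed
  const res = fakeResponse();
  makeNotFoundHandler((line) => logged.push(line))(req, res);
  return { req, res, logged };
}

console.log(demo().res.body);
```

In an Express application, registering the handler with `app.use(makeNotFoundHandler())` after all routes would replace the framework's default not-found response; that the API is built on Express is an assumption.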
Actual Result
The API returns 404 Not Found, but the error message exposes internal route information, which may pose a security risk.
Root Cause
Impacted Area