GET /api/index.php/v1/nonexistent/route
).Authorization
header.The API correctly returns a 404 Not Found
or 401 Unauthorized
response. The Joomla error log should either not contain an entry for this event, or it should be logged at a lower severity level like INFO
or NOTICE
. The CRITICAL
log level should be reserved for unexpected 5xx-level server failures.
The API returns the correct 404 or 401 response, but a CRITICAL
error is written to the log file for each request. This fills the logs with noise from routine, expected client errors, making it difficult to identify genuine server-side failures.
Example log entry:
CRITICAL ::1 error Uncaught Throwable of type Joomla\CMS\Router\Exception\RouteNotFoundException thrown with message "Unable to handle request for route...".
api/index.php
)The default Joomla\CMS\Exception\Renderer\JsonapiRenderer
treats all exceptions passed to it as severe errors. This behavior is problematic for API applications where client-side errors (like invalid tokens, incorrect URLs, or permission issues) are common and expected operational events.
A more robust logging strategy would be for the renderer to inspect the type of exception. If the exception is a known client-side error type (e.g., RouteNotFoundException
, AuthenticationFailed
, NotAllowed
), it should be logged at a lower severity. If it's a generic \Exception
or \Throwable
, it should be logged as CRITICAL
as is currently the case.
This change would significantly improve the developer experience and the utility of logs for any site making heavy use of the Joomla API, without changing the "safe by default" handling of truly unknown errors.
Related to #45781
Labels |
Added:
No Code Attached Yet
|