Allow Error Handler to Return HttpResponse

[JavaScriptDude]

I would like to have full control of the response from error handlers assigned using @api.errorhandler decorator so I can obfuscate the return of calls for some usecases.

For example:

@app.errorhandler(werkzeug.exceptions.BadRequest)
def handle_bad_request(e):
    log.error("<error_dump>", error)
    response = flask.make_response()
    response.set_data(":(")
    response.status_code = 418
    response.headers['Content-Type'] = 'text/html'
    response.headers['Server'] = 'Timex Sinclair'
    return response

However, the code assumes full control of the response assuming that a dict is returned.

The change is quite simple. In Api.py after result = handler(e):

if not result is None and  issubclass(result.__class__, BaseResponse):
    return result

[JavaScriptDude]

Created PR #459

[JavaScriptDude]

The only way to do this is at present is by doing the following which is not ideal at all and it does not allow overriding of Content-Type.

app = Flask()
app.config['ERROR_INCLUDE_MESSAGE'] = False
# ...
@app.errorhandler(werkzeug.exceptions.BadRequest)
def handle_bad_request(e):
    log.error("<error_dump>", error)
    return (":(", 418, Headers({'Server': 'Timex Sinclair'}))

[trey-stafford]

I have also run into this issue recently and have been unable to render an HTML response when unexpected application errors are encountered. This is unfortunate, as there are parts of my API where I would like to be able to render a nice, human-readable error message with e.g., links embedded to help documentation. As currently designed, I am forced to return a json response when using @api.errorhandler.

[trey-stafford]

I've found a hack workaround that works for my use-case, but it feels unnecessary, confusing, and prone to breakage. It relies on catching errors at the flask-restx layer (@api.errorhandler), raising a custom error there, and then catching it with the flask error handler (@app.errorhandler) which is capable of returning the HTML response that I want.

class HackError(Exception):
    """Hack error class that is only used to work around
    https://github.com/python-restx/flask-restx/issues/458."""
    pass

@api.errorhandler  # noqa
def handle_api_exception(e):
    # pass through HackErrors as a JSON response to the flask-restx backend.
    # This does NOT end up being presented to the user. 
    # They see the response returned by `handle_hack_exception` below.
    if isinstance(e, HackError):
        return {}, 500

    # Log the original error 
    err_traceback = traceback.format_exception(e)
    err_msg = f"Unhandled exception during request: {e}"
    app.logger.exception(err_msg, extra={"exception_traceback": err_traceback})

    # Raise a `HackError`, which will be handled by `handle_hack_exception`
    # below.
    raise HackError

@app.errorhandler(HackError)  # noqa
def handle_hack_exception(e):
    """Handle any exceptions raised from the application.

    https://flask.palletsprojects.com/en/stable/errorhandling/#error-handlers
    """
    # Return an HTML response
    return Response(
        render_template(
            "generic_error.html.jinja",
        ),
        content_type="text/html",
        status=500,
    )

Although this appears to work with my production configuration, I am reluctant to put it into prod.