Problem/Motivation
This was originally reported to the security team but was cleared for a public issue.
DefaultExceptionHtmlSubscriber clones the original request when making a subrequest to display 401 error messages. However, a BadRequestException means the request is bad, and if code called on the error page (e.g. form building) throws another BadRequestException, this can create an infinite loop.
Steps to reproduce
Proposed resolution
- MR !10153: Get rid of the subrequest for 400 errors and just show a basic error page, or
- MR !10306: Catch BadRequestException when building breadcrumbs
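
A simplified model of the loop described under Problem/Motivation and of the first proposed resolution. This is an added example, not Drupal's code or either merge request; the function names, the array-based request, the `/error-page` path and the `bad` query marker are all hypothetical.

```php
<?php
// Simplified model, not Drupal code. Every name here is hypothetical.

class BadRequestException extends RuntimeException {}

// Stand-in for the kernel: building any full page, including the error page,
// runs code (e.g. form building) that reads the request and rejects bad input.
function handle(array $request, callable $onError, int $depth = 0): string {
    try {
        if (isset($request['query']['bad'])) { // constructed "malformed input" marker
            throw new BadRequestException('malformed parameter');
        }
        return "200 page for {$request['path']}";
    } catch (BadRequestException $e) {
        return $onError($request, $e, $depth);
    }
}

// Behaviour described in the issue: clone the original request, point it at
// the error page and dispatch it again. The clone still carries the bad input,
// so the error page throws the same exception and the subscriber runs again.
function cloningSubscriber(array $request, Exception $e, int $depth): string {
    if ($depth >= 5) {
        // Stop added for this demo only; without it the recursion never ends.
        return "gave up after $depth nested subrequests";
    }
    $sub = $request;               // PHP arrays copy by value: this is the clone
    $sub['path'] = '/error-page';  // hypothetical error-page path
    return handle($sub, 'cloningSubscriber', $depth + 1);
}

// First proposed resolution: no subrequest for a bad request, only a basic
// page that touches nothing from the request except the escaped message.
function basicSubscriber(array $request, Exception $e, int $depth): string {
    return '400 Bad Request: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
}

// Constructed sample request.
$request = ['path' => '/node/1', 'query' => ['bad' => '1']];

echo handle($request, 'cloningSubscriber'), PHP_EOL;
echo handle($request, 'basicSubscriber'), PHP_EOL;
```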
Remaining tasks
Review the two proposed resolutions.