Websocket Error handling

Good morning, please I have implemented a websocket in my django app where the websocket url has a u_id , however if the websocket fails the browser console display the url with the uid which is a security concern. Please I need your helps on how to handle or customize the error so that I will able to display my own custom message error in the browser console.

here is my views.py

    def random_qr_code(request):
        context = {}
        request_url = get_current_host(request)
        u_id = str(uuid.uuid4()).replace('-', "")
        u_id = u_id[:7].upper()
        octal_str = get_encoded_data()
        image = octal_qr_code(octal_str)
        CrossAuth.objects.create(token=u_id, seed=octal_str)
        url = f"ws://{request_url}/ws/auth_qr_code/{u_id}/"

        context["image_url"] = image
        context["url"] = url
        context["secret_key"] = octal_str
        return context

htm file

  const socket = new WebSocket("{{ url }}");
  let timer = null;
  socket.onopen = () => {};
  socket.onmessage = function (evt) {
    document.getElementById("success_message").innerHTML = evt["data"];

    window.location.href =
      "{{ request.scheme }}://{{ request.get_host }}/success_mobile/";

  socket.onclose = socket.onerror = () => {};


here is the error from the browser

In this you can see the websocket displays the UUID and I want to remove it.
Note: I have tried to avoid passing the UUID to the url it works fine, however I need to maintain the uid in the url to avoid any prod issue.

Thank you for your helps and valuable time.

You are seeing this UUID in console because your connection failed to websocket, if you think that just by hiding it from console you are securing your UUID then it is not the case because network tab have all the things what requests and responses you are getting with which or what kind of url.
If UUID is that important that it should not have to be violated publicly than you can use something else like slug.

Thank you @addwebsolution I will try that and see

This is now the second time that you’ve made mention of information being available in the browser’s developer tools as being “a security concern”.

It is not.

I don’t know where you’re getting this impression or what is making you think of this, but somewhere along the line you’ve gotten a wrong idea about how the http protocol works or how browsers work.

From the perspective of the server, everything being sent to the browser is insecure once it has reached the browser. The browser is a completely uncontrolled and uncontrollable environment.

I suggest you do some more research about this to gain a better understanding of how the web works.

1 Like