DRF overwrites Django's Http404 details message in favour of its own

[pgrubacc]

When raising Http404 (django.http.Http404), with a message, e.g:
raise Http404('My custom details')

inside of a function decorated with DRF's api_view (or any class based view, e.g. generics.ListApiView), DRF ignores the details and overwrites them with its own message. The cause are these lines of code in views.py:

def exception_handler(exc, context):
    """
    Returns the response that should be used for any given exception.
    By default we handle the REST framework `APIException`, and also
    Django's built-in `Http404` and `PermissionDenied` exceptions.
    Any unhandled exceptions may return `None`, which will cause a 500 error
    to be raised.
    """
    if isinstance(exc, Http404):
        exc = exceptions.NotFound()
    elif isinstance(exc, PermissionDenied):
        exc = exceptions.PermissionDenied()

As you can see, in case of Http404, exc is overriden without any arguments it had (the details) being passed. This can result in a headache when other libraries throw Http404 and you use their functionalities in your api views.
In particular, I was using social-app-django's psa decorator) which in one case throws Http404 with a very important message:

            try:
                request.backend = load_backend(request.social_strategy,
                                               backend, uri)
            except MissingBackend:
                raise Http404('Backend not found')
            return func(request, backend, *args, **kwargs)

The raised error I got was simply 'Not found' instead of 'Backend not found', which led me to mistakenly believe I've messed something up in my urls. As it stands, other libraries used in conjunction with DRF will always get their 404 details 'swallowed'.

Steps to reproduce

raise Http404('My details') inside of a DRF class-based view or function decorated with api_view

Expected behavior

404 error with message 'My details' is returned

Actual behavior

404 error with message 'Not found' is returned

[tomchristie]

Okay. One thing we’d also need to be aware of is that custom messages wouldn’t get our built-in translations. What’s Django’s default message when raising Http404?

[pgrubacc]

It seems the default behavior when raising Http404 with no arguments is to omit the 'info' part.
Here's an example in the rendered template without anything passed - the 'info' div is empty:

And here's one with the details:

This is the code, simply extends the base Exception:

class Http404(Exception):
    pass

[harisibrahimkv]

Ran into this problem where we were implementing a custom exception handler and were using exc.get_codes(). That was failing specifically where a get_object_or_404 was being used (inside ViewSet retrieve / update)

Something like the following helped for the time being:

from django.http import Http404
from django.core.exceptions import PermissionDenied

def custom_exception_handler(exc, context):
    response = exception_handler(exc, context)

    if isinstance(exc, Http404):
        exc = NotFoundError(exc.__str__())
    elif isinstance(exc, PermissionDenied):
        exc = PermissionDeniedError(exc.__str__())

The NotFoundError and PermissionDeniedError in the example above are our own custom subclasses of APIException, but the point I am trying to make is about how we are getting the custom "message" (exc.__str__()) to be passed down into the exception.

The default message for the django get_object_or_404 seems to be https://github.com/django/django/blob/master/django/shortcuts.py#L78

[simkimsia]

Ran into this problem. Googled and found this ticket. So subscribed to get updates on how to overcome this as well

[simkimsia]

@harisibrahimkv can you share your custom exception handler code? I think I may have to adopt the same as a workaround until DRF has a solution for this

[harisibrahimkv]

@simkimsia My custom exception handler code is the same that I have pasted in my comment above. The specific APIException subclasses look like this:

class PermissionDeniedError(APIException):
    """User does not have sufficient permission."""

    status_code = 403
    default_code = 'PERMISSION_DENIED'

    def __init__(self, message, cause=None):
        self._cause = cause
        self.default_detail = message
        super().__init__()

[Mereep]

For those who come here and just want this to be working at their Code (like me): Just replace raise Http404('Details that WILL get lost') with raise NotFound(detail='Detail that will NOT get lost').

[egoyret]

NotFound does not exist. Closest thing is HttpResponseNotFound but will give an error saying keyword detail not expected. If I take out the keyword and just leave the message the it still breaks with "exceptions must derive from BaeException"

[Mereep]

You tried to import it?