♻️(back) stop returning a 500 on cors_proxy on request failure

On the cors_proxy endpoint, if the fetched url fails we were returning
an error 500. Instead, we log the exception and return a 400 to not
give back information to the frontend application.

Author: lunika

src/backend/core/api/viewsets.py

@@ -1481,10 +1481,10 @@ def cors_proxy(self, request, *args, **kwargs):
             return proxy_response
 
         except requests.RequestException as e:
-            logger.error("Proxy request failed: %s", str(e))
-            return drf_response.Response(
-                {"error": f"Failed to fetch resource: {e!s}"},
-                status=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            logger.exception(e)
+            return drf.response.Response(
+                {"error": f"Failed to fetch resource from {url}"},
+                status=status.HTTP_400_BAD_REQUEST,
             )
 
 

src/backend/core/tests/documents/test_api_documents_cors_proxy.py

@@ -2,6 +2,7 @@
 
 import pytest
 import responses
+from requests.exceptions import RequestException
 from rest_framework.test import APIClient
 
 from core import factories
@@ -170,3 +171,20 @@ def test_api_docs_cors_proxy_invalid_url(url_to_fetch):
     )
     assert response.status_code == 400
     assert response.json() == ["Enter a valid URL."]
+
+
+@responses.activate
+def test_api_docs_cors_proxy_request_failed():
+    """Test the CORS proxy API for documents with a request failed."""
+    document = factories.DocumentFactory(link_reach="public")
+
+    client = APIClient()
+    url_to_fetch = "https://external-url.com/assets/index.html"
+    responses.get(url_to_fetch, body=RequestException("Connection refused"))
+    response = client.get(
+        f"/api/v1.0/documents/{document.id!s}/cors-proxy/?url={url_to_fetch}"
+    )
+    assert response.status_code == 400
+    assert response.json() == {
+        "error": "Failed to fetch resource from https://external-url.com/assets/index.html"
+    }