How to Customize Error Pages

How to Customize Error Pages

In Symfony applications, all errors are treated as exceptions, no matter if they are a 404 Not Found error or a fatal error triggered by throwing some exception in your code.

In the development environment, Symfony catches all the exceptions and displays a special exception page with lots of debug information to help you discover the root problem:

A typical exception page in the development environment

Since these pages contain a lot of sensitive internal information, Symfony won’t display them in the production environment. Instead, it’ll show a minimal and generic error page:

A typical error page in the production environment

Error pages for the production environment can be customized in different ways depending on your needs:

  1. If you only want to change the contents and styles of the error pages to match the rest of your application, override the default error templates;
  2. If you want to change the contents of non-HTML error output, create a new normalizer;
  3. If you also want to tweak the logic used by Symfony to generate error pages, override the default error controller;
  4. If you need total control of exception handling to run your own logic use the kernel.exception event.

Overriding the Default Error Templates

You can use the built-in Twig error renderer to override the default error templates. Both the TwigBundle and TwigBridge need to be installed for this. Run this command to ensure both are installed:

  1. $ composer require symfony/twig-pack

When the error page loads, Symfony\Bridge\Twig\ErrorRenderer\TwigErrorRenderer is used to render a Twig template to show the user.

This renderer uses the HTTP status code and the following logic to determine the template filename:

  1. Look for a template for the given status code (like error500.html.twig);
  2. If the previous template doesn’t exist, discard the status code and look for a generic error template (error.html.twig).

To override these templates, rely on the standard Symfony method for overriding templates that live inside a bundle and put them in the templates/bundles/TwigBundle/Exception/ directory.

A typical project that returns HTML pages might look like this:

  1. templates/
  2. └─ bundles/
  3.    └─ TwigBundle/
  4.       └─ Exception/
  5.          ├─ error404.html.twig
  6.          ├─ error403.html.twig
  7.          └─ error.html.twig      # All other HTML errors (including 500)

Example 404 Error Template

To override the 404 error template for HTML pages, create a new error404.html.twig template located at templates/bundles/TwigBundle/Exception/:

  1. {# templates/bundles/TwigBundle/Exception/error404.html.twig #}
  2. {% extends 'base.html.twig' %}
  4. {% block body %}
  5.     <h1>Page not found</h1>
  7.     <p>
  8.         The requested page couldn't be located. Checkout for any URL
  9.         misspelling or <a href="{{ path('homepage') }}">return to the homepage</a>.
  10.     </p>
  11. {% endblock %}

In case you need them, the TwigErrorRenderer passes some information to the error template via the status_code and status_text variables that store the HTTP status code and message respectively.

Tip

You can customize the status code of an exception by implementing Symfony\Component\HttpKernel\Exception\HttpExceptionInterface and its required getStatusCode() method. Otherwise, the status_code will default to 500.

Additionally you have access to the Exception with exception, which for example allows you to output the stack trace using {{ exception.traceAsString }} or access any other method on the object. You should be careful with this though, as this is very likely to expose sensitive data.

Tip

PHP errors are turned into exceptions as well by default, so you can also access these error details using exception.

Security & 404 Pages

Due to the order of how routing and security are loaded, security information will not be available on your 404 pages. This means that it will appear as if your user is logged out on the 404 page (it will work while testing, but not on production).

Testing Error Pages during Development

While you’re in the development environment, Symfony shows the big exception page instead of your shiny new customized error page. So, how can you see what it looks like and debug it?

Fortunately, the default ErrorController allows you to preview your error pages during development.

To use this feature, you need to load some special routes provided by FrameworkBundle (if the application uses Symfony Flex they are loaded automatically when installing symfony/framework-bundle):

  • YAML

    1. # config/routes/dev/framework.yaml
    2. _errors:
    3.     resource: '@FrameworkBundle/Resources/config/routing/errors.xml'
    4.     prefix:   /_error

  • XML

    1. <!-- config/routes/dev/framework.xml -->
    2. <?xml version="1.0" encoding="UTF-8" ?>
    3. <routes xmlns="http://symfony.com/schema/routing"
    4.     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    5.     xsi:schemaLocation="http://symfony.com/schema/routing
    6.         https://symfony.com/schema/routing/routing-1.0.xsd">
    8.     <import resource="@FrameworkBundle/Resources/config/routing/errors.xml" prefix="/_error"/>
    9. </routes>

  • PHP

    1. // config/routes/dev/framework.php
    2. use Symfony\Component\Routing\Loader\Configurator\RoutingConfigurator;
    4. return function (RoutingConfigurator $routes) {
    5.     $routes->import('@FrameworkBundle/Resources/config/routing/errors.xml')
    6.         ->prefix('/_error')
    7.     ;
    8. };

With this route added, you can use URLs like these to preview the error page for a given status code as HTML or for a given status code and format (you might need to replace http://localhost/ by the host used in your local setup):

  • http://localhost/_error/{statusCode} for HTML
  • http://localhost/_error/{statusCode}.{format} for any other format

Overriding Error output for non-HTML formats

To override non-HTML error output, the Serializer component needs to be installed.

  1. $ composer require symfony/serializer-pack

The Serializer component has a built-in FlattenException normalizer (Symfony\Component\Serializer\Normalizer\ProblemNormalizer) and JSON/XML/CSV/YAML encoders. When your application throws an exception, Symfony can output it in one of those formats. If you want to change the output contents, create a new Normalizer that supports the FlattenException input:

  1. # src/Serializer/MyCustomProblemNormalizer.php
  2. namespace App\Serializer;
  4. use Symfony\Component\ErrorHandler\Exception\FlattenException;
  5. use Symfony\Component\Serializer\Normalizer\NormalizerInterface;
  7. class MyCustomProblemNormalizer implements NormalizerInterface
  8. {
  9.     public function normalize($exception, string $format = null, array $context = [])
  10.     {
  11.         return [
  12.             'content' => 'This is my custom problem normalizer.',
  13.             'exception'=> [
  14.                 'message' => $exception->getMessage(),
  15.                 'code' => $exception->getStatusCode(),
  16.             ],
  17.         ];
  18.     }
  20.     public function supportsNormalization($data, string $format = null)
  21.     {
  22.         return $data instanceof FlattenException;
  23.     }
  24. }

Overriding the Default ErrorController

If you need a little more flexibility beyond just overriding the template, then you can change the controller that renders the error page. For example, you might need to pass some additional variables into your template.

To do this, create a new controller anywhere in your application and set the framework.error_controller configuration option to point to it:

  • YAML

    1. # config/packages/framework.yaml
    2. framework:
    3.     error_controller: App\Controller\ErrorController::show

  • XML

    1. <!-- config/packages/framework.xml -->
    2. <?xml version="1.0" encoding="UTF-8" ?>
    3. <container xmlns="http://symfony.com/schema/dic/services"
    4.     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    5.     xsi:schemaLocation="http://symfony.com/schema/dic/services
    6.         https://symfony.com/schema/dic/services/services-1.0.xsd">
    8.     <framework:config>
    9.         <framework:error-controller>App\Controller\ErrorController::show</framework:error-controller>
    10.     </framework:config>
    12. </container>

  • PHP

    1. // config/packages/framework.php
    2. $container->loadFromExtension('framework', [
    3.     'error_controller' => 'App\Controller\ErrorController::show',
    4.     // ...
    5. ]);

The Symfony\Component\HttpKernel\EventListener\ErrorListener class used by the FrameworkBundle as a listener of the kernel.exception event creates the request that will be dispatched to your controller. In addition, your controller will be passed two parameters:

exception

The original Throwable instance being handled.

logger

A \Symfony\Component\HttpKernel\Log\DebugLoggerInterface instance which may be null in some circumstances.

Tip

The error page preview also works for your own controllers set up this way.

Working with the kernel.exception Event

When an exception is thrown, the Symfony\Component\HttpKernel\HttpKernel class catches it and dispatches a kernel.exception event. This gives you the power to convert the exception into a Response in a few different ways.

Working with this event is actually much more powerful than what has been explained before, but also requires a thorough understanding of Symfony internals. Suppose that your code throws specialized exceptions with a particular meaning to your application domain.

Writing your own event listener for the kernel.exception event allows you to have a closer look at the exception and take different actions depending on it. Those actions might include logging the exception, redirecting the user to another page or rendering specialized error pages.

Note

If your listener calls setResponse() on the Symfony\Component\HttpKernel\Event\ExceptionEvent, event, propagation will be stopped and the response will be sent to the client.

This approach allows you to create centralized and layered error handling: instead of catching (and handling) the same exceptions in various controllers time and again, you can have just one (or several) listeners deal with them.

Tip

See Symfony\Component\Security\Http\Firewall\ExceptionListener class code for a real example of an advanced listener of this type. This listener handles various security-related exceptions that are thrown in your application (like Symfony\Component\Security\Core\Exception\AccessDeniedException) and takes measures like redirecting the user to the login page, logging them out and other things.

This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.