Security: Silent Exception Swallowing in Server Request Handler Factory (#12332)

barttran2k · Dreamsorcerer · patchback[bot] · commit 243909c85d44 · 2026-04-14T00:35:23.000Z
Signed-off-by: Trần Bách <45133811+barttran2k@users.noreply.github.com> Co-authored-by: Sam Bull <git@sambull.org> (cherry picked from commit 06e510b)
diff --git a/aiohttp/web_server.py b/aiohttp/web_server.py
@@ -81,4 +81,11 @@ def __call__(self) -> RequestHandler:
                 for k, v in self._kwargs.items()
                 if k in ["debug", "access_log_class"]
             }
-            return RequestHandler(self, loop=self._loop, **kwargs)
+            handler = RequestHandler(self, loop=self._loop, **kwargs)
+            handler.logger.warning(
+                "Failed to create request handler with custom kwargs %r, "
+                "falling back to filtered kwargs. This may indicate a "
+                "misconfiguration.",
+                self._kwargs,
+            )
+            return handler
