From f27df8b5c5b7f855b3f419547e6683273814ce70 Mon Sep 17 00:00:00 2001
From: Severyn Kozak
Date: Thu, 30 Apr 2015 10:31:15 -0400
Subject: [PATCH] Return error message if string.

middleware/500.js -cf1a483 changed the middleware to return an opaque error message rather than the error object itself, in case it contains sensitive information. The problem is that some sanitizers return a helpful error message (intended to be seen by users) as a string. Add a conditional to only return the ambiguous, catchall error message when a non-string `err` object is received -- this will likely be a stack trace, or something.
---
 middleware/500.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/middleware/500.js b/middleware/500.js
index 02e8a3f9..47895552 100644
--- a/middleware/500.js
+++ b/middleware/500.js
@@ -6,7 +6,7 @@ function middleware(err, req, res, next) {
 logger.error( 'Stack trace:', err.trace );
 res.header('Cache-Control','no-cache');
 if( res.statusCode < 400 ){ res.status(500); }
- res.json({ error: 'internal server error' });
+ res.json({ error: typeof err === 'string' ? err : 'internal server error' });
 }

 module.exports = middleware;
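Review bot: The new `typeof err === 'string'` test on the `res.json` line treats the type of `err` as proof that the message was written for users, but any code path that reaches this handler with a string (not only the sanitizers) will now have that text returned to the client verbatim, which can reopen the disclosure the earlier opaque message was meant to close. An explicit opt-in is safer than a type check: have the sanitizers pass an object carrying a dedicated field and echo only that, e.g. `res.json({ error: (err && err.userMessage) || 'internal server error' });`, where `userMessage` is a placeholder name and not an existing property. Separately, the context line logs `err.trace`, which is undefined for a string and is not a standard property of Error objects (`err.stack` is), so the string errors this change exposes may leave nothing useful in the log. The body of `middleware` starts above the hunk, so an earlier line may already log `err` itself; that is worth confirming before relying on this.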