
Return error message if string.

middleware/500.js
	-cf1a483 changed the middleware to return an opaque error
	message rather than the error object itself, in case it contains
	sensitive information. The problem is that some sanitizers
	return a helpful error message (intended to be seen by users) as
	a string. Add a conditional to only return the ambiguous,
	catchall error message when a non-string `err` object is
	received -- this will likely be a stack trace, or something.
pull/124/head
Severyn Kozak 10 years ago
parent
commit
f27df8b5c5
  1. 2
      middleware/500.js

2
middleware/500.js

@ -6,7 +6,7 @@ function middleware(err, req, res, next) {
logger.error( 'Stack trace:', err.trace ); logger.error( 'Stack trace:', err.trace );
res.header('Cache-Control','no-cache'); res.header('Cache-Control','no-cache');
if( res.statusCode < 400 ){ res.status(500); } if( res.statusCode < 400 ){ res.status(500); }
res.json({ error: 'internal server error' }); res.json({ error: typeof err === 'string' ? err : 'internal server error' });
} }
module.exports = middleware; module.exports = middleware;
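Review bot: The `typeof err === 'string'` test in the `res.json(...)` line treats the type of `err` as proof that the text is safe to show, so any string reaching this handler is echoed to the client verbatim, not only the sanitizer messages the description has in mind. A dependency or other middleware that calls `next()` with a string containing a file path, query text or an upstream response would leak exactly what the earlier opaque-message change was meant to hide. An explicit marker set by the sanitizers would make this a real allow-list, for example (property name is illustrative) `res.json({ error: err && err.userMessage ? err.userMessage : 'internal server error' });`, or at minimum a comment such as `// string errors are returned to the client verbatim; pass only user-safe text to next()`. Separately, for a string `err` the `logger.error( 'Stack trace:', err.trace )` line logs `undefined`, though the start of `middleware` lies outside the hunk and may already log `err` itself.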
