mirror of
https://github.com/Unleash/unleash.git
synced 2025-10-27 11:02:16 +01:00
Fix for [https://github.com/Unleash/unleash/security/code-scanning/81](https://github.com/Unleash/unleash/security/code-scanning/81)

To prevent information exposure through stack traces, ensure that the HTTP response sent to clients contains only sanitized, generic error information, such as a status code and a simple message. Internal details (including stack traces, error types, or internal error codes) should not be sent to the client. These can be safely logged on the server for debugging.

**The fix:**

- Do not return the entire `finalError` object as JSON to the client, as it may include fields like `stack` or `internalMessage`.
- Instead, return only a subset of fields that are safe to expose to the user, in this case just `message`.
- Log the full error and any debugging details using the server-side logger **as currently done**.

---

_Suggested fixes powered by Copilot Autofix. Review carefully before merging._

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
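The "before" and "after" of the pattern the commit message describes, as an added example that is not Unleash's own code: an error handler that serializes the whole wrapped error versus one that sends only `message` and keeps the rest in the server log. `FinalError`, `toFinalError`, `FakeResponse`, `FakeLogger` and the two sample errors are hypothetical stand-ins for the Express response, the Unleash logger and the project's error-wrapping step, chosen so the example runs offline; the generic message for 5xx responses is an extra hardening step, not part of the commit.

```typescript
// Added example, not code from the Unleash repository. All types and helpers
// below are hypothetical stand-ins for the real Express/Unleash objects.

// Shape a wrapped error commonly takes once `stack`/`internalMessage` have been
// copied onto a plain object: every field here is enumerable, so `res.json()`
// would serialize all of it. (Assumed shape, not Unleash's actual finalError.)
interface FinalError {
    statusCode: number;
    message: string;
    internalMessage?: string;
    stack?: string;
    code?: string;
}

type RawError = Error & { statusCode?: number; code?: string; internalMessage?: string };

// Hypothetical wrapping step: copies the interesting fields off the thrown Error.
function toFinalError(err: RawError): FinalError {
    return {
        statusCode: err.statusCode ?? 500,
        message: err.message,
        internalMessage: err.internalMessage,
        stack: err.stack,
        code: err.code,
    };
}

// Minimal stand-in for an Express response: records the status and JSON body.
class FakeResponse {
    statusCode = 200;
    body: unknown = undefined;
    status(code: number): this { this.statusCode = code; return this; }
    json(payload: unknown): this { this.body = payload; return this; }
}

// Minimal stand-in for the server-side logger: keeps every entry with its details.
class FakeLogger {
    entries: { msg: string; details?: unknown }[] = [];
    error(msg: string, details?: unknown): void { this.entries.push({ msg, details }); }
}

// BEFORE the fix: the whole wrapped error is sent to the client, stack included.
function handleErrorUnsafe(finalError: FinalError, res: FakeResponse, logger: FakeLogger): FakeResponse {
    logger.error(finalError.message, finalError);
    return res.status(finalError.statusCode).json(finalError);
}

// AFTER the fix: log the full object server-side, send only `message` to the client.
// Extra step beyond the commit: for 5xx responses the message itself is replaced,
// because an unexpected error's message often comes from a library (driver, parser)
// and can carry internals just like a stack trace.
function handleErrorSafe(finalError: FinalError, res: FakeResponse, logger: FakeLogger): FakeResponse {
    logger.error(finalError.message, finalError); // stack, internalMessage, code stay here
    const message = finalError.statusCode >= 500 ? 'Internal server error' : finalError.message;
    return res.status(finalError.statusCode).json({ message });
}

// Constructed sample errors (not real Unleash errors).
function makeNotFoundError(): RawError {
    const e: RawError = new Error('Feature toggle not found');
    e.statusCode = 404;
    e.internalMessage = 'lookup in FeatureToggleStore.get returned no rows (constructed)';
    return e; // `stack` is populated automatically by Error
}

function makeInternalError(): RawError {
    const e: RawError = new Error('connect ECONNREFUSED 10.0.0.12:5432 (constructed)');
    e.statusCode = 500;
    e.code = 'ECONNREFUSED';
    return e;
}

// Keys that actually appear in the serialized JSON body, sorted for comparison.
function bodyKeys(res: FakeResponse): string[] {
    return Object.keys(JSON.parse(JSON.stringify(res.body))).sort();
}

// Stand-alone run: compare what each handler would put on the wire.
const demoLogger = new FakeLogger();
const before = handleErrorUnsafe(toFinalError(makeNotFoundError()), new FakeResponse(), demoLogger);
const after = handleErrorSafe(toFinalError(makeNotFoundError()), new FakeResponse(), demoLogger);
console.log('before:', bodyKeys(before)); // includes "stack" and "internalMessage"
console.log('after: ', bodyKeys(after));  // only "message"
```

The logger call is identical in both handlers; the fix changes only what reaches `res.json()`, which is why the regression test worth keeping is one that asserts on the serialized body's keys rather than on the logged object.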
| Name |
|---|
| .. |
| lib |
| mailtemplates |
| migrations |
| test |
| migrator.ts |
| server-dev.ts |
| server.ts |
| test-setup.ts |