fix: MongoDB timeout errors unhandled and potentially revealing internal data (#10020)

2026-01-25 00:15:01 +01:00
parent 1b5bd2f754
commit 1d3336d128
5 changed files with 164 additions and 4 deletions
--- a/src/middlewares.js
+++ b/src/middlewares.js
@@ -378,9 +378,9 @@ export const handleParseSession = async (req, res, next) => {
      next(error);
      return;
    }
-    // TODO: Determine the correct error scenario.
+    // Log full error details internally, but don't expose to client
    req.config.loggerController.error('error getting auth for sessionToken', error);
-    throw new Parse.Error(Parse.Error.UNKNOWN_ERROR, error);
+    next(new Parse.Error(Parse.Error.UNKNOWN_ERROR, 'Unknown error'));
  }
 };