feat: Add Parse Server option enableSanitizedErrorResponse to remove detailed error messages from responses sent to clients (#9944)

This commit is contained in:
Lucas Coratger
2025-11-28 19:48:35 +01:00
committed by GitHub
parent 73e78127c2
commit 47521974ae
24 changed files with 121 additions and 49 deletions


@@ -767,13 +767,11 @@ describe('Parse.File testing', () => {
describe('getting files', () => {
it('does not crash on file request with invalid app ID', async () => {
loggerErrorSpy.calls.reset();
const res1 = await request({
url: 'http://localhost:8378/1/files/invalid-id/invalid-file.txt',
}).catch(e => e);
expect(res1.status).toBe(403);
expect(res1.data).toEqual({ code: 119, error: 'Permission denied' });
expect(loggerErrorSpy).toHaveBeenCalledWith('Sanitized error:', jasmine.stringContaining('Invalid application ID.'));
expect(res1.data).toEqual({ code: 119, error: 'Invalid application ID.' });
// Ensure server did not crash
const res2 = await request({ url: 'http://localhost:8378/1/health' });
expect(res2.status).toEqual(200);
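Review bot: The assertion that the detailed cause ('Invalid application ID.') still reaches the error logger is dropped together with the old client-facing expectation, so this test no longer verifies that sanitizing the response does not also hide the real reason from operators. If the sanitized path still logs the original message, keep a logger assertion next to the new `expect(res1.data).toEqual({ code: 119, error: 'Permission denied' })`, for example `expect(loggerErrorSpy).toHaveBeenCalledWith(jasmine.anything(), jasmine.stringContaining('Invalid application ID.'));` adapted to whatever the new log format is; if the sanitized path does not log the detailed message at all, that is the gap worth closing before the option ships. The `it` block begins inside the hunk and its end lies outside it.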


@@ -1,4 +1,5 @@
const Utils = require('../src/Utils');
const Utils = require('../lib/Utils');
const { createSanitizedError, createSanitizedHttpError } = require("../lib/Error")
describe('Utils', () => {
describe('encodeForUrl', () => {
@@ -173,4 +174,42 @@ describe('Utils', () => {
expect(Utils.getNestedProperty(obj, 'database.name')).toBe('');
});
});
describe('createSanitizedError', () => {
it('should return "Permission denied" when enableSanitizedErrorResponse is true', () => {
const config = { enableSanitizedErrorResponse: true };
const error = createSanitizedError(Parse.Error.OPERATION_FORBIDDEN, 'Detailed error message', config);
expect(error.message).toBe('Permission denied');
});
it('should not crash with config undefined', () => {
const error = createSanitizedError(Parse.Error.OPERATION_FORBIDDEN, 'Detailed error message', undefined);
expect(error.message).toBe('Permission denied');
});
it('should return the detailed message when enableSanitizedErrorResponse is false', () => {
const config = { enableSanitizedErrorResponse: false };
const error = createSanitizedError(Parse.Error.OPERATION_FORBIDDEN, 'Detailed error message', config);
expect(error.message).toBe('Detailed error message');
});
});
describe('createSanitizedHttpError', () => {
it('should return "Permission denied" when enableSanitizedErrorResponse is true', () => {
const config = { enableSanitizedErrorResponse: true };
const error = createSanitizedHttpError(403, 'Detailed error message', config);
expect(error.message).toBe('Permission denied');
});
it('should not crash with config undefined', () => {
const error = createSanitizedHttpError(403, 'Detailed error message', undefined);
expect(error.message).toBe('Permission denied');
});
it('should return the detailed message when enableSanitizedErrorResponse is false', () => {
const config = { enableSanitizedErrorResponse: false };
const error = createSanitizedHttpError(403, 'Detailed error message', config);
expect(error.message).toBe('Detailed error message');
});
});
});
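Review bot: The new specs cover `enableSanitizedErrorResponse` set to true, set to false and an entirely missing config, but not a config object in which the option is simply absent (`{}`), which is the state of every existing deployment after upgrading; the default for that case decides whether detailed messages start or stop reaching clients and should be pinned, e.g. `const error = createSanitizedError(Parse.Error.OPERATION_FORBIDDEN, 'Detailed error message', {});` followed by an expectation matching the documented default. Each spec also checks only `error.message`; asserting the code passed in (and the 403 for `createSanitizedHttpError`) would catch a sanitizer that replaces the message but drops or rewrites the code, assuming the returned error exposes those fields. Minor: `const { createSanitizedError, createSanitizedHttpError } = require("../lib/Error")` uses double quotes and omits the semicolon, unlike the surrounding file.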