feat: Add Parse Server option enableSanitizedErrorResponse to remove detailed error messages from responses sent to clients (#9944)

Lucas Coratger
2025-11-28 19:48:35 +01:00
committed by GitHub
parent 73e78127c2
commit 47521974ae
24 changed files with 121 additions and 49 deletions


@@ -1399,6 +1399,7 @@ export default class SchemaController {
return true;
}
const perms = classPermissions[operation];
const config = Config.get(Parse.applicationId)
// If only for authenticated users
// make sure we have an aclGroup
if (perms['requiresAuthentication']) {
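Review bot: The added `const config = Config.get(Parse.applicationId)` resolves the configuration through the process-wide `Parse.applicationId` rather than an app id tied to the request being checked, so in a process hosting more than one app the four `createSanitizedError(..., config)` calls in the later hunks could presumably pick up another app's `enableSanitizedErrorResponse` setting and send the detailed permission message to clients of an app that asked for sanitized ones. The enclosing method starts and ends outside the hunk, so whether an app id or config is already available there is not visible; if it is, pass that instead, and otherwise have the caller supply it. `createSanitizedError` is not shown here either: it should treat a missing `config` as "sanitize", so that a failed lookup does not fall back to the verbose message. The line also lacks its terminating semicolon: `const config = Config.get(Parse.applicationId);`.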
@@ -1406,12 +1407,14 @@ export default class SchemaController {
if (!aclGroup || aclGroup.length == 0) {
throw createSanitizedError(
Parse.Error.OBJECT_NOT_FOUND,
'Permission denied, user needs to be authenticated.'
'Permission denied, user needs to be authenticated.',
config
);
} else if (aclGroup.indexOf('*') > -1 && aclGroup.length == 1) {
throw createSanitizedError(
Parse.Error.OBJECT_NOT_FOUND,
'Permission denied, user needs to be authenticated.'
'Permission denied, user needs to be authenticated.',
config
);
}
// requiresAuthentication passed, just move forward
@@ -1428,7 +1431,8 @@ export default class SchemaController {
if (permissionField == 'writeUserFields' && operation == 'create') {
throw createSanitizedError(
Parse.Error.OPERATION_FORBIDDEN,
`Permission denied for action ${operation} on class ${className}.`
`Permission denied for action ${operation} on class ${className}.`,
config
);
}
@@ -1451,7 +1455,8 @@ export default class SchemaController {
throw createSanitizedError(
Parse.Error.OPERATION_FORBIDDEN,
`Permission denied for action ${operation} on class ${className}.`
`Permission denied for action ${operation} on class ${className}.`,
config
);
}