feat: Add Parse Server option enableSanitizedErrorResponse to remove detailed error messages from responses sent to clients (#9944)

Lucas Coratger
2025-11-28 19:48:35 +01:00
committed by GitHub
parent 73e78127c2
commit 47521974ae
24 changed files with 121 additions and 49 deletions


@@ -8,7 +8,7 @@ import defaultLogger from './logger';
* @param {string} detailedMessage - The detailed error message to log server-side
* @returns {Parse.Error} A Parse.Error with sanitized message
*/
function createSanitizedError(errorCode, detailedMessage) {
function createSanitizedError(errorCode, detailedMessage, config) {
// On testing we need to add a prefix to the message to allow to find the correct call in the TestUtils.js file
if (process.env.TESTING) {
defaultLogger.error('Sanitized error:', detailedMessage);
@@ -16,7 +16,7 @@ function createSanitizedError(errorCode, detailedMessage) {
defaultLogger.error(detailedMessage);
}
return new Parse.Error(errorCode, 'Permission denied');
return new Parse.Error(errorCode, config?.enableSanitizedErrorResponse !== false ? 'Permission denied' : detailedMessage);
}
/**
@@ -27,7 +27,7 @@ function createSanitizedError(errorCode, detailedMessage) {
* @param {string} detailedMessage - The detailed error message to log server-side
* @returns {Error} An Error with sanitized message
*/
function createSanitizedHttpError(statusCode, detailedMessage) {
function createSanitizedHttpError(statusCode, detailedMessage, config) {
// On testing we need to add a prefix to the message to allow to find the correct call in the TestUtils.js file
if (process.env.TESTING) {
defaultLogger.error('Sanitized error:', detailedMessage);
@@ -37,7 +37,7 @@ function createSanitizedHttpError(statusCode, detailedMessage) {
const error = new Error();
error.status = statusCode;
error.message = 'Permission denied';
error.message = config?.enableSanitizedErrorResponse !== false ? 'Permission denied' : detailedMessage;
return error;
}
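Review bot: The JSDoc above both createSanitizedError and createSanitizedHttpError still lists two parameters and promises a "sanitized message", but with the new third argument the returned message is `detailedMessage` whenever `config.enableSanitizedErrorResponse` is exactly `false`. I would add `* @param {Object} [config] - Parse Server config; the detailed message is returned to the client only when config.enableSanitizedErrorResponse === false` and reword the return line to `* @returns {Parse.Error} 'Permission denied' by default, or the detailed message when sanitization is disabled` (with `{Error}` for the HTTP variant). The `!== false` test is fail-safe, so a call site that omits `config` keeps returning 'Permission denied'; with the option turned off, responses will therefore differ between call sites until every caller passes `config`, which is worth stating in the comment. Both doc blocks start above the visible hunk lines, and the middle of each function body falls between hunks.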