feat: Add Parse Server option enableSanitizedErrorResponse to remove detailed error messages from responses sent to clients (#9944)

Lucas Coratger
2025-11-28 19:48:35 +01:00
committed by GitHub
parent 73e78127c2
commit 47521974ae
24 changed files with 121 additions and 49 deletions


@@ -9,12 +9,13 @@ const classesWithMasterOnlyAccess = [
const { createSanitizedError } = require('./Error');
// Disallowing access to the _Role collection except by master key
function enforceRoleSecurity(method, className, auth) {
function enforceRoleSecurity(method, className, auth, config) {
if (className === '_Installation' && !auth.isMaster && !auth.isMaintenance) {
if (method === 'delete' || method === 'find') {
throw createSanitizedError(
Parse.Error.OPERATION_FORBIDDEN,
`Clients aren't allowed to perform the ${method} operation on the installation collection.`
`Clients aren't allowed to perform the ${method} operation on the installation collection.`,
config
);
}
}
@@ -27,7 +28,8 @@ function enforceRoleSecurity(method, className, auth) {
) {
throw createSanitizedError(
Parse.Error.OPERATION_FORBIDDEN,
`Clients aren't allowed to perform the ${method} operation on the ${className} collection.`
`Clients aren't allowed to perform the ${method} operation on the ${className} collection.`,
config
);
}
@@ -35,7 +37,8 @@ function enforceRoleSecurity(method, className, auth) {
if (auth.isReadOnly && (method === 'delete' || method === 'create' || method === 'update')) {
throw createSanitizedError(
Parse.Error.OPERATION_FORBIDDEN,
`read-only masterKey isn't allowed to perform the ${method} operation.`
`read-only masterKey isn't allowed to perform the ${method} operation.`,
config
);
}
}
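Review bot: `config` is added as a trailing fourth parameter of `enforceRoleSecurity` and forwarded unchecked to `createSanitizedError` at all three throw sites, so any caller that was not updated in this commit passes `undefined`. How `createSanitizedError` treats a missing config is not visible in this section; if it reads the option straight off `config`, it could raise a TypeError in place of OPERATION_FORBIDDEN or fall back to the detailed message. Please confirm in `./Error` that an absent config resolves to the sanitized response, so that a forgotten argument fails closed. The parameter also deserves a line above the function, e.g. `// config: server config; its enableSanitizedErrorResponse option decides whether the detailed message is returned to the client`. The existing comment still names only the _Role collection, although the body also guards _Installation and the read-only master key.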