joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Server internal error details leaking in error messages returned to clients (#9937)

Browse Source
This commit is contained in:
Lucas Coratger
2025-11-23 13:51:42 +01:00
committed by GitHub
parent 38c9d2e359
commit 50edb5ab4b
35 changed files with 390 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/Routers/GlobalConfigRouter.js
View File

@@ -3,6 +3,7 @@ import Parse from 'parse/node';
import PromiseRouter from '../PromiseRouter';
import * as middleware from '../middlewares';
import * as triggers from '../triggers';
import { createSanitizedError } from '../Error';
const getConfigFromParams = params => {
const config = new Parse.Config();
@@ -41,9 +42,9 @@ export class GlobalConfigRouter extends PromiseRouter {
async updateGlobalConfig(req) {
if (req.auth.isReadOnly) {
throw new Parse.Error(
throw createSanitizedError(
Parse.Error.OPERATION_FORBIDDEN,
"read-only masterKey isn't allowed to update the config."
"read-only masterKey isn't allowed to update the config.",
);
}
const params = req.body.params || {};