joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Server internal error details leaking in error messages returned to clients (#9937)

Browse Source
This commit is contained in:
Lucas Coratger
2025-11-23 13:51:42 +01:00
committed by GitHub
parent 38c9d2e359
commit 50edb5ab4b
35 changed files with 390 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/Routers/GraphQLRouter.js
View File

@@ -1,6 +1,7 @@
import Parse from 'parse/node';
import PromiseRouter from '../PromiseRouter';
import * as middleware from '../middlewares';
import { createSanitizedError } from '../Error';
const GraphQLConfigPath = '/graphql-config';
@@ -14,9 +15,9 @@ export class GraphQLRouter extends PromiseRouter {
async updateGraphQLConfig(req) {
if (req.auth.isReadOnly) {
throw new Parse.Error(
throw createSanitizedError(
Parse.Error.OPERATION_FORBIDDEN,
"read-only masterKey isn't allowed to update the GraphQL config."
"read-only masterKey isn't allowed to update the GraphQL config.",
);
}
const data = await req.config.parseGraphQLController.updateGraphQLConfig(req.body?.params || {});