Don't expose error details to client (#1107)

Closes #549
getodk · Mar 18, 2024 · 5be9ed7 · 5be9ed7
1 parent 3420238
commit 5be9ed7
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 11 deletions.
diff --git a/lib/http/endpoint.js b/lib/http/endpoint.js
@@ -218,15 +218,10 @@ const defaultErrorWriter = (error, request, response) => {
       details: error.problemDetails
     });
   } else {
-    const details = {};
-    if (error?.stack != null)
-      details.stack = error.stack.split('\n').map((x) => x.trim());
-
     debugger; // trip debugger if attached.
     process.stderr.write(inspect(error));
     response.status(500).type('application/json').send({
-      message: `Completely unhandled exception: ${error?.message}`,
-      details
+      message: 'Internal Server Error',
     });
   }
 };

diff --git a/test/unit/http/endpoint.js b/test/unit/http/endpoint.js
@@ -60,13 +60,12 @@ describe('endpoints', () => {
       defaultErrorWriter(new Problem(409.1138, 'test message', { x: 1 }), null, response);
     });
 
-    it('should turn remaining errors into unknown Problems', (done) => {
+    it('should turn remaining errors into internal server errors', (done) => {
       const response = createModernResponse();
       const error = new Error('oops');
-      error.stack = ''; // strip stack so that our test output isn't super polluted
       response.on('end', () => {
         response.statusCode.should.equal(500);
-        response._getData().message.should.equal('Completely unhandled exception: oops');
+        response._getData().should.deepEqual({ message: 'Internal Server Error' });
         done();
       });
       defaultErrorWriter(error, null, response);
@@ -86,7 +85,7 @@ describe('endpoints', () => {
       const response = createModernResponse();
       response.on('end', () => {
         response.statusCode.should.equal(500);
-        response._getData().message.should.equal('Completely unhandled exception: undefined');
+        response._getData().should.deepEqual({ message: 'Internal Server Error' });
         done();
       });
       defaultErrorWriter(null, null, response);
@@ -604,7 +603,7 @@ describe('endpoints', () => {
 
         response.statusCode.should.equal(500);
         response.getHeader('Content-Type').should.equal('application/json');
-        response._getData().message.should.equal('Completely unhandled exception: test');
+        response._getData().should.deepEqual({ message: 'Internal Server Error' });
       });
 
       it('should wrap problems in openrosa xml envelopes', () => {