restrict the maximum length of the X-Debug-Exception header

symfony · Jul 17, 2024 · 59ee876 · 59ee876
1 parent c25da5c
commit 59ee876
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/ErrorRenderer/HtmlErrorRenderer.php b/ErrorRenderer/HtmlErrorRenderer.php
@@ -72,7 +72,7 @@ public function render(\Throwable $exception): FlattenException
     {
         $headers = ['Content-Type' => 'text/html; charset='.$this->charset];
         if (\is_bool($this->debug) ? $this->debug : ($this->debug)($exception)) {
-            $headers['X-Debug-Exception'] = rawurlencode($exception->getMessage());
+            $headers['X-Debug-Exception'] = rawurlencode(substr($exception->getMessage(), 0, 2000));
             $headers['X-Debug-Exception-File'] = rawurlencode($exception->getFile()).':'.$exception->getLine();
         }
 

diff --git a/ErrorRenderer/SerializerErrorRenderer.php b/ErrorRenderer/SerializerErrorRenderer.php
@@ -58,7 +58,7 @@ public function render(\Throwable $exception): FlattenException
         $headers = ['Vary' => 'Accept'];
         $debug = \is_bool($this->debug) ? $this->debug : ($this->debug)($exception);
         if ($debug) {
-            $headers['X-Debug-Exception'] = rawurlencode($exception->getMessage());
+            $headers['X-Debug-Exception'] = rawurlencode(substr($exception->getMessage(), 0, 2000));
             $headers['X-Debug-Exception-File'] = rawurlencode($exception->getFile()).':'.$exception->getLine();
         }