From 59ee8765919191f21aa021fef3204ddd7c4cdb82 Mon Sep 17 00:00:00 2001
From: Christian Flothmann
Date: Wed, 17 Jul 2024 16:17:24 +0200
Subject: [PATCH] restrict the maximum length of the X-Debug-Exception header
---
 ErrorRenderer/HtmlErrorRenderer.php | 2 +-
 ErrorRenderer/SerializerErrorRenderer.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/ErrorRenderer/HtmlErrorRenderer.php b/ErrorRenderer/HtmlErrorRenderer.php
index 05cbeec..0602ea4 100644
--- a/ErrorRenderer/HtmlErrorRenderer.php
+++ b/ErrorRenderer/HtmlErrorRenderer.php
@@ -72,7 +72,7 @@ public function render(\Throwable $exception): FlattenException
 {
 $headers = ['Content-Type' => 'text/html; charset='.$this->charset];
 if (\is_bool($this->debug) ? $this->debug : ($this->debug)($exception)) {
- $headers['X-Debug-Exception'] = rawurlencode($exception->getMessage());
+ $headers['X-Debug-Exception'] = rawurlencode(substr($exception->getMessage(), 0, 2000));
 $headers['X-Debug-Exception-File'] = rawurlencode($exception->getFile()).':'.$exception->getLine();
 }
diff --git a/ErrorRenderer/SerializerErrorRenderer.php b/ErrorRenderer/SerializerErrorRenderer.php
index e6c4c89..69ec52c 100644
--- a/ErrorRenderer/SerializerErrorRenderer.php
+++ b/ErrorRenderer/SerializerErrorRenderer.php
@@ -58,7 +58,7 @@ public function render(\Throwable $exception): FlattenException
 $headers = ['Vary' => 'Accept'];
 $debug = \is_bool($this->debug) ? $this->debug : ($this->debug)($exception);
 if ($debug) {
- $headers['X-Debug-Exception'] = rawurlencode($exception->getMessage());
+ $headers['X-Debug-Exception'] = rawurlencode(substr($exception->getMessage(), 0, 2000));
 $headers['X-Debug-Exception-File'] = rawurlencode($exception->getFile()).':'.$exception->getLine();
 }
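Review bot: The 2000-byte cap in `HtmlErrorRenderer::render()` is applied before `rawurlencode()`, so the emitted `X-Debug-Exception` value can still reach roughly three times that length when the message consists mostly of non-ASCII or reserved characters; the identical line in `SerializerErrorRenderer::render()` behaves the same way. If the limit exists to keep the response below a proxy or server header-size limit, it is that worst case that has to fit, and a short comment would record the intent, e.g. `// truncate before encoding; rawurlencode() may expand each byte to three characters`. `substr()` also cuts on a byte boundary, so a multibyte character at the cut is left incomplete after decoding; `mb_strcut()` would cut on a character boundary, provided mbstring or a polyfill is available to this component, which the hunks do not show. Both `render()` bodies continue outside their hunks.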