Skip to content

Commit

Permalink
mask data for sensitive errors in prod
Browse files Browse the repository at this point in the history
  • Loading branch information
@pi0
pi0 committed Jan 15, 2025
1 parent 3bebd09 commit 9f50bdb
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 7 deletions.
7 changes: 4 additions & 3 deletions src/runtime/internal/error/dev.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,16 +17,17 @@ import { defineNitroErrorHandler, setSecurityHeaders } from "./utils";

export default defineNitroErrorHandler(
async function defaultNitroErrorHandler(error, event) {
const isSensitive = error.unhandled || error.fatal;
const statusCode = error.statusCode || 500;
const statusMessage = error.statusMessage || "Server Error";
// prettier-ignore
const url = getRequestURL(event, { xForwardedHost: true, xForwardedProto: true }).toString();

// Load stack trace with source maps
await loadStackTrace(error).catch(() => {});
await loadStackTrace(error).catch(consola.error);

// Console output
if (error.unhandled || error.fatal) {
if (isSensitive) {
// prettier-ignore
const tags = [error.unhandled && "[unhandled]", error.fatal && "[fatal]"].filter(Boolean).join(" ")
consola.error(
Expand Down Expand Up @@ -94,7 +95,7 @@ export async function loadStackTrace(error: any) {
Object.defineProperty(error, "stack", { value: stack });

if (error.cause) {
await loadStackTrace(error.cause).catch(() => {});
await loadStackTrace(error.cause).catch(consola.error);
}
}

Expand Down
8 changes: 4 additions & 4 deletions src/runtime/internal/error/prod.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,14 @@ import { defineNitroErrorHandler, setSecurityHeaders } from "./utils";

export default defineNitroErrorHandler(
function defaultNitroErrorHandler(error, event) {
const isSensitive = error.unhandled || error.fatal;
const statusCode = error.statusCode || 500;
const statusMessage = error.statusMessage || "Server Error";
// prettier-ignore
const url = getRequestURL(event, { xForwardedHost: true, xForwardedProto: true }).toString();

// Console output
if (error.unhandled || error.fatal) {
if (isSensitive) {
// prettier-ignore
const tags = [error.unhandled && "[unhandled]", error.fatal && "[fatal]"].filter(Boolean).join(" ")
console.error(
Expand All @@ -38,9 +39,8 @@ export default defineNitroErrorHandler(
url,
statusCode,
statusMessage,
message:
error.unhandled || error.fatal ? "Server Error" : error.message,
data: error.data,
message: isSensitive ? "Server Error" : error.message,
data: isSensitive ? undefined : error.data,
},
null,
2
Expand Down

0 comments on commit 9f50bdb

Please sign in to comment.