fix: feedbacks

Author: coratgerl

spec/Utils.spec.js

@@ -176,8 +176,8 @@ describe('Utils', () => {
   });
 
   describe('createSanitizedError', () => {
-    it('should return "Permission denied" when disableSanitizeError is false or undefined', () => {
-      const config = { disableSanitizeError: false };
+    it('should return "Permission denied" when enableSanitizedErrorResponse is false or undefined', () => {
+      const config = { enableSanitizedErrorResponse: true };
       const error = createSanitizedError(Parse.Error.OPERATION_FORBIDDEN, 'Detailed error message', config);
       expect(error.message).toBe('Permission denied');
     });
@@ -187,16 +187,16 @@ describe('Utils', () => {
       expect(error.message).toBe('Permission denied');
     });
 
-    it('should return the detailed message when disableSanitizeError is true', () => {
-      const config = { disableSanitizeError: true };
+    it('should return the detailed message when enableSanitizedErrorResponse is true', () => {
+      const config = { enableSanitizedErrorResponse: false };
       const error = createSanitizedError(Parse.Error.OPERATION_FORBIDDEN, 'Detailed error message', config);
       expect(error.message).toBe('Detailed error message');
     });
   });
 
   describe('createSanitizedHttpError', () => {
-    it('should return "Permission denied" when disableSanitizeError is false or undefined', () => {
-      const config = { disableSanitizeError: false };
+    it('should return "Permission denied" when enableSanitizedErrorResponse is false or undefined', () => {
+      const config = { enableSanitizedErrorResponse: true };
       const error = createSanitizedHttpError(403, 'Detailed error message', config);
       expect(error.message).toBe('Permission denied');
     });
@@ -206,8 +206,8 @@ describe('Utils', () => {
       expect(error.message).toBe('Permission denied');
     });
 
-    it('should return the detailed message when disableSanitizeError is true', () => {
-      const config = { disableSanitizeError: true };
+    it('should return the detailed message when enableSanitizedErrorResponse is true', () => {
+      const config = { enableSanitizedErrorResponse: false };
       const error = createSanitizedHttpError(403, 'Detailed error message', config);
       expect(error.message).toBe('Detailed error message');
     });

src/Error.js

@@ -16,7 +16,7 @@ function createSanitizedError(errorCode, detailedMessage, config) {
     defaultLogger.error(detailedMessage);
   }
 
-  return new Parse.Error(errorCode, config?.disableSanitizeError ? detailedMessage : 'Permission denied');
+  return new Parse.Error(errorCode, config?.enableSanitizedErrorResponse !== false ? 'Permission denied' : detailedMessage);
 }
 
 /**
@@ -37,7 +37,7 @@ function createSanitizedHttpError(statusCode, detailedMessage, config) {
 
   const error = new Error();
   error.status = statusCode;
-  error.message = config?.disableSanitizeError ? detailedMessage : 'Permission denied';
+  error.message = config?.enableSanitizedErrorResponse !== false ? 'Permission denied' : detailedMessage;
   return error;
 }
 

src/Options/Definitions.js

@@ -199,13 +199,6 @@ module.exports.ParseServerOptions = {
     action: parsers.booleanParser,
     default: true,
   },
-  disableSanitizeError: {
-    env: 'PARSE_SERVER_DISABLE_SANITIZE_ERROR',
-    help:
-      'If true, disables sanitizing errors and returns the detailed message instead of "Permission denied".',
-    action: parsers.booleanParser,
-    default: false,
-  },
   dotNetKey: {
     env: 'PARSE_SERVER_DOT_NET_KEY',
     help: 'Key for Unity and .Net SDK',
@@ -254,6 +247,13 @@ module.exports.ParseServerOptions = {
     action: parsers.booleanParser,
     default: true,
   },
+  enableSanitizedErrorResponse: {
+    env: 'PARSE_SERVER_ENABLE_SANITIZED_ERROR_RESPONSE',
+    help:
+      'If set to `true`, error details are removed from error messages in responses to client requests, and instead a generic error message is sent. Default is `true`.',
+    action: parsers.booleanParser,
+    default: true,
+  },
   encodeParseObjectInCloudFunction: {
     env: 'PARSE_SERVER_ENCODE_PARSE_OBJECT_IN_CLOUD_FUNCTION',
     help:

src/Options/docs.js

@@ -347,9 +347,9 @@ export interface ParseServerOptions {
   rateLimit: ?(RateLimitOptions[]);
   /* Options to customize the request context using inversion of control/dependency injection.*/
   requestContextMiddleware: ?(req: any, res: any, next: any) => void;
-  /* If true, disables sanitizing errors and returns the detailed message instead of "Permission denied".
-  :DEFAULT: false */
-  disableSanitizeError: ?boolean;
+  /* If set to `true`, error details are removed from error messages in responses to client requests, and instead a generic error message is sent. Default is `true`.
+  :DEFAULT: true */
+  enableSanitizedErrorResponse: ?boolean;
 }
 
 export interface RateLimitOptions {