Safer handling of internal server errors (500) #2669
StLyn4 started this conversation in Feature Requests & Ideas
Replies: 1 comment
-
You can also use a |
-
First of all, I want to say a huge thank you to everyone who took part in the development! You are making a great product!
I want to ask a small question regarding error handling. Don't you think that unhandled internal errors (those with code 500) are better hidden? I mean their text. There can be anything, up to some sensitive data. I think this is still not a big enough problem to consider it a vulnerability. However, it is still a potential source of sensitive information leakage. Therefore, I suggest that before sending a response, check the error code and replace the response with something in the spirit of "Something went wrong". At the same time, output information to the terminal as before. As I understand it, this happens in src/graphql/errorHandler.ts and src/express/middleware/errorHandler.ts.
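One way to implement the check suggested in the post above, as an added example that is not part of the original post or the project's own code. The names `buildErrorBody` and `maskingErrorHandler` and the `{ errors: [{ message }] }` response shape are assumptions; the handler uses Express's four-argument error-middleware form but imports nothing, so it runs stand-alone.

```typescript
// Added example; every name here is hypothetical, not the project's API.
interface HttpError extends Error { status?: number }
interface MinimalRes { status(code: number): MinimalRes; json(body: unknown): void }
interface ErrorBody { errors: { message: string }[] }
type LogFn = (line: string, err: Error) => void;

const GENERIC_MESSAGE = "Something went wrong.";

// Decide what the client may see. Errors that carry an explicit 4xx status
// were written for the caller; anything else is treated as an internal
// failure whose text may hold connection strings, paths or query fragments.
function buildErrorBody(err: HttpError): { status: number; body: ErrorBody } {
  const s = err.status;
  const status = typeof s === "number" && s >= 400 && s <= 599 ? s : 500;
  const message = status < 500 ? err.message : GENERIC_MESSAGE;
  // The stack trace is never copied into the body, whatever the status.
  return { status, body: { errors: [{ message }] } };
}

// Four parameters, so Express would treat the returned function as
// error-handling middleware. The original error goes to the server log only.
function maskingErrorHandler(log: LogFn = (line, err) => console.error(line, err)) {
  return (err: HttpError, _req: unknown, res: MinimalRes, _next: unknown): void => {
    const { status, body } = buildErrorBody(err);
    if (status >= 500) log(`[${status}] unhandled error: ${err.message}`, err);
    res.status(status).json(body);
  };
}
```

The same `buildErrorBody` decision can back a GraphQL error formatter, so both code paths mask internal errors identically.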