parse-server
parse-server copied to clipboard
parse-community
Remove detailed error from error messages
New Feature / Enhancement Checklist
- [x] I am not disclosing a vulnerability.
- [x] I am not just asking a question.
- [x] I have searched through existing issues.
Current Limitation
For some requests, Parse Server returns more information than necessary in the error response. For example:
unauthorized: master key is required
This is providing an outside attacker with more info than necessary.
Feature / Enhancement Description
Especially when it comes to access / permission errors, I suggest to make the error messages more ambiguous by generalizing them and removing any specific information. Instead of explaining why a request was unauthorized, the error should be only unauthorized without any further details. The detailed error message should only be logged server side.
The task would be:
- identify error messages that should be generalized
- ensure a detailed error message is logged server side
This should not be a breaking change, as long as the error code does not change. Changes of error messages are not considered breaking as logic that relies on parsing error messages is considered bad practice anyway.
Thanks for opening this issue!
- 🎉 We are excited about your ideas for improvement!
![parse-github-assistant[bot] avatar](https://avatars.githubusercontent.com/in/136195?v=4 "Published by a pub.dev verified publisher"){kind=small}
Please feel free to pick this up and post a comment for others to be aware that it's in the works.
@mtrezza basically i have to do this in /src/Adapters/Auth or there any other folder also ?
This relates to any response message across Parse Server where more information than necessary is returned. I suggest to do this with just 1 or a few messages, then open a PR for feedback, so you don't make a lot of changes and then have to modify them again.