solid-start icon indicating copy to clipboard operation
solid-start copied to clipboard
verified publisher icon solidjs

[Bug?]: [security] Server stack trace sent to client on error in server action

Open yinonburgansky opened this issue 3 months ago • 0 comments

Duplicates

  • [x] I have searched the existing issues

Latest version

  • [x] I have tested the latest version

Current behavior 😯

When throwing an error in a server action the Error is being serialized and sent to the client with the stack trace which poses a security issue leaking production code file locations and function names.

Expected behavior 🤔

At least on Production don't send server's stack traces to the client.

Steps to reproduce 🕹

Any error thrown in server action:

const myAction = action(async () => {
  'use server';
  throw new Error('my server error');
});

See stackblitz full example

yinonburgansky avatar Sep 07 '25 06:09 yinonburgansky