Closed mdaneri closed 2 months ago
Out of interest, did you have either -StatusPageExceptions Show
on Start-PodeServer
or ErrorPage.StatusExceptions = $true
in the server.psd1
set? (note: in /examples
it's set to true).
The StatusException switch controls whether the exception details are shown or not (can be seen in Show-PodeErrorPage
), setting it to Hide, or false in server.psd1, stops them from being displayed.
On a fresh setup without that parameter on Start-PodeServer
and no server.psd1, the exceptions will be hidden.
The quick answer is no, and I was not aware 😊 I'm going to try it
I created this pull request yesterday in the rush because I saw it in production, and I don’t want Infosec to find this security issue
My bad. I'm closing the pull request and adding a note to the documentation
Description
This pull request introduces a modification to the error handling mechanism within Pode. The key change is the enhancement of how internal errors are reported. Previously, any internal Pode error would generate an HTTP 500 status code along with the associated exception's internal information. This approach has been updated to improve security and user experience.
Key Changes:
Default Error Handling:
Debugging Support:
-Code500Details
switch parameter to theStart-PodeServer
function.Code500Details
parameter can also be passed usingserver.psd1
in the following format:Implementation Details:
Start-PodeServer
function to include the-Code500Details
switch parameter.-Code500Details
switch.-Code500Details
switch.Example Usage:
Documentation:
Updated the function headers and inline documentation to reflect the changes. Updated the documentation to reflect the changes.