Closed fredrikekre closed 7 months ago
All modified and coverable lines are covered by tests :white_check_mark:
Comparison is base (
e28d1b5
) 82.70% compared to head (18edce3
) 82.69%.
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
Server side errors may contain just about anything, such as e.g. secrets, and, therefore, it seems like a bad idea to unconditionally send these back to the client. In general, there is nothing a client can do about an internal server error even if the specific internal error message is known. The server developer can already see the error in server logs so there isn't really any loss of information.
If the current behavior is actually desired it can be achieved by an outer
try-catch
in the handler function. (Of course, an outertry-catch
can also be used to make sure that a server side error never ends up at the client, but it is better to be safe by default.)Concrete example with a server that itself sends a request to another upstream server that requires authentication:
This is the output from curl: