Ambiorix's error handling does not seem to work. It always sends the actual error message to the client.
Reprex
library(ambiorix)
app <- Ambiorix$new()
app$get("/", \(req, res) {
res$send("Hello, World!")
})
# simulate error (object 'Pikachu' is not defined)
app$get("/whoami", \(req, res) {
print(Pikachu)
})
# `not_found` works as expected✅
app$not_found <- \(req, res) {
res$status <- 404L
res$send("Oops, the page you're looking for was not found!")
}
# `error` does NOT work as expected❌
# Instead of sending this to the client, it sends the actual
# error message
app$error <- \(req, res) {
res$status <- 500L
res$send("Uhhmmm... Looks like there's an error from our side :(")
}
app$start(port = 8000L, open = FALSE)
Expectation
When an error occurs, it should send the customized message instead of the actual error message. For purposes of security.
Description
Ambiorix's error handling does not seem to work. It always sends the actual error message to the client.
Reprex
Expectation
When an error occurs, it should send the customized message instead of the actual error message. For purposes of security.