Don't expose internal error messages to HTTP responses

riverqueue / riverui

A web interface for River, fast and reliable background jobs in Go.

https://ui.riverqueue.com/

Mozilla Public License 2.0

48 stars 3 forks source link

Don't expose internal error messages to HTTP responses #27

Closed bgentry closed 2 weeks ago

bgentry commented 2 weeks ago

It's not safe to just render err.String() to the HTTP response on all errors. Doing so can leak database connection strings or other internal details.