Skip to content

Do not send stacktraces to clients #9156

New issue
New issue
Open
Open
Do not send stacktraces to clients#9156
Labels
aspect: securityAnything related to preventing vulnerabilitiescomponent: servermeta: never-staleThis issue can never become staleteam: webappIssue belongs to the WebApp teamtype: improvementImproves an existing feature or existing code
@geropl

Description

@geropl
geropl
opened on Apr 6, 2022

There are a couple of places where we currently send stack traces back to clients in error cases:

  • unhandled HTTP errors
  • websocket method errors

We should avoid that as it allows 3rd parties to not only learn about our system (they also can do so from our repo), but in theory also about certain runtime configurations that we want to keep with ourselves. As we have no advantage of having those stack traces sent to clients, we can just disable those.

Metadata

Metadata

Assignees

No one assigned

    Labels

    aspect: securityAnything related to preventing vulnerabilitiescomponent: servermeta: never-staleThis issue can never become staleteam: webappIssue belongs to the WebApp teamtype: improvementImproves an existing feature or existing code

    Type

    No type

    Projects

    🍎 WebApp Team

    Status

    No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions