MM-10348 Adding experimental hardened mode. (#8881)

* Adding experimental hardened mode. * Sanitizing all 500 errors.
author: Christopher Speller <crspeller@gmail.com> 2018-06-04 09:48:26 -0700
committer: GitHub <noreply@github.com> 2018-06-04 09:48:26 -0700
commit: 2c75247c97d0277944975deb9595b5f82a80e91e (patch)
tree: bd2bf76858fa308fc72b7f48860e6c291622149f /web
parent: bd7c9f86424a8d6609ad602e2225c4438d136415 (diff)
download: chat-2c75247c97d0277944975deb9595b5f82a80e91e.tar.gz
chat-2c75247c97d0277944975deb9595b5f82a80e91e.tar.bz2
chat-2c75247c97d0277944975deb9595b5f82a80e91e.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/web/handlers.go b/web/handlers.go
index 363b05c59..aac88aa3a 100644
--- a/web/handlers.go
+++ b/web/handlers.go
@@ -147,6 +147,16 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			c.Err.DetailedError = ""
 		}
 
+		// Sanitize all 5xx error messages in hardened mode
+		if *c.App.Config().ServiceSettings.ExperimentalEnableHardenedMode && c.Err.StatusCode >= 500 {
+			c.Err.Id = ""
+			c.Err.Message = "Internal Server Error"
+			c.Err.DetailedError = ""
+			c.Err.StatusCode = 500
+			c.Err.Where = ""
+			c.Err.IsOAuth = false
+		}
+
 		w.WriteHeader(c.Err.StatusCode)
 		w.Write([]byte(c.Err.ToJson()))
author	Christopher Speller <crspeller@gmail.com>	2018-06-04 09:48:26 -0700
committer	GitHub <noreply@github.com>	2018-06-04 09:48:26 -0700
commit	2c75247c97d0277944975deb9595b5f82a80e91e (patch)
tree	bd2bf76858fa308fc72b7f48860e6c291622149f /web
parent	bd7c9f86424a8d6609ad602e2225c4438d136415 (diff)
download	chat-2c75247c97d0277944975deb9595b5f82a80e91e.tar.gz chat-2c75247c97d0277944975deb9595b5f82a80e91e.tar.bz2 chat-2c75247c97d0277944975deb9595b5f82a80e91e.zip