From 24bef929dc7cce8ed1f776863de7b3329aa18e37 Mon Sep 17 00:00:00 2001
From: Christopher Speller <crspeller@gmail.com>
Date: Tue, 19 Jul 2016 12:40:13 -0400
Subject: Restricting visibility of detailed_error message (#3629)

---
 api/context.go | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'api')

diff --git a/api/context.go b/api/context.go
index 2132ce0e7..b26778711 100644
--- a/api/context.go
+++ b/api/context.go
@@ -204,12 +204,18 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		h.handleFunc(c, w, r)
 	}
 
+	// Handle errors that have occoured
 	if c.Err != nil {
 		c.Err.Translate(c.T)
 		c.Err.RequestId = c.RequestId
 		c.LogError(c.Err)
 		c.Err.Where = r.URL.Path
 
+		// Block out detailed error whenn not in developer mode
+		if !*utils.Cfg.ServiceSettings.EnableDeveloper {
+			c.Err.DetailedError = ""
+		}
+
 		if h.isApi {
 			w.WriteHeader(c.Err.StatusCode)
 			w.Write([]byte(c.Err.ToJson()))
-- 
cgit v1.2.3-1-g7c22