terribleplan/next.js
1
0
Fork 0
mirror of https://github.com/terribleplan/next.js.git synced 2024-01-19 02:48:18 +00:00
Code Issues Releases Wiki Activity

Make sure we do not expose stacktraces in production (#2843)

Browse source
This commit is contained in:
Tim Neutkens 2017-08-24 23:17:38 +02:00 committed by Arunoda Susiripala
parent 26c5d90b2f
commit 75a43f5a71
1 changed files with 3 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
server/render.js
View file

@ -138,14 +138,14 @@ export async function renderScript (req, res, page, opts) {
} }
} }
export async function renderScriptError (req, res, page, error, customFields, opts) { export async function renderScriptError (req, res, page, error, customFields, { dev }) {
// Asks CDNs and others to not to cache the errored page // Asks CDNs and others to not to cache the errored page
res.setHeader('Cache-Control', 'no-store, must-revalidate') res.setHeader('Cache-Control', 'no-store, must-revalidate')
// prevent XSS attacks by filtering the page before printing it. // prevent XSS attacks by filtering the page before printing it.
page = xssFilters.uriInSingleQuotedAttr(page) page = xssFilters.uriInSingleQuotedAttr(page)
res.setHeader('Content-Type', 'text/javascript')
if (error.code === 'ENOENT') { if (error.code === 'ENOENT') {
res.setHeader('Content-Type', 'text/javascript')
res.end(` res.end(`
window.__NEXT_REGISTER_PAGE('${page}', function() { window.__NEXT_REGISTER_PAGE('${page}', function() {
var error = new Error('Page does not exist: ${page}') var error = new Error('Page does not exist: ${page}')
@ -157,9 +157,8 @@ export async function renderScriptError (req, res, page, error, customFields, op
return return
} }
res.setHeader('Content-Type', 'text/javascript')
const errorJson = { const errorJson = {
...errorToJSON(error), ...serializeError(dev, error),
...customFields ...customFields
} }