fix: hide unhandled error messages in prod (#2591)

pi0 · web-flow · commit a8234d3b4bbd · 2024-07-07T17:04:58.000+02:00
diff --git a/src/runtime/internal/error.ts b/src/runtime/internal/error.ts
@@ -21,7 +21,10 @@ interface ParsedError {
 
 export default defineNitroErrorHandler(
   function defaultNitroErrorHandler(error, event) {
-    const { stack, statusCode, statusMessage, message } = normalizeError(error);
+    const { stack, statusCode, statusMessage, message } = normalizeError(
+      error,
+      isDev
+    );
 
     const showDetails = isDev && statusCode !== 404;
 
diff --git a/src/runtime/internal/utils.ts b/src/runtime/internal/utils.ts
@@ -55,33 +55,41 @@ export function isJsonRequest(event: H3Event) {
   );
 }
 
-export function normalizeError(error: any) {
+export function normalizeError(error: any, isDev?: boolean) {
   // temp fix for https://github.com/unjs/nitro/issues/759
   // TODO: investigate vercel-edge not using unenv pollyfill
   const cwd = typeof process.cwd === "function" ? process.cwd() : "/";
-  const stack = ((error.stack as string) || "")
-    .split("\n")
-    .splice(1)
-    .filter((line) => line.includes("at "))
-    .map((line) => {
-      const text = line
-        .replace(cwd + "/", "./")
-        .replace("webpack:/", "")
-        .replace("file://", "")
-        .trim();
-      return {
-        text,
-        internal:
-          (line.includes("node_modules") && !line.includes(".cache")) ||
-          line.includes("internal") ||
-          line.includes("new Promise"),
-      };
-    });
+
+  // Hide details of unhandled/fatal errors in production
+  const hideDetails = !isDev && (error.unhandled || error.fatal);
+
+  const stack = hideDetails
+    ? []
+    : ((error.stack as string) || "")
+        .split("\n")
+        .splice(1)
+        .filter((line) => line.includes("at "))
+        .map((line) => {
+          const text = line
+            .replace(cwd + "/", "./")
+            .replace("webpack:/", "")
+            .replace("file://", "")
+            .trim();
+          return {
+            text,
+            internal:
+              (line.includes("node_modules") && !line.includes(".cache")) ||
+              line.includes("internal") ||
+              line.includes("new Promise"),
+          };
+        });
 
   const statusCode = error.statusCode || 500;
   const statusMessage =
     error.statusMessage ?? (statusCode === 404 ? "Not Found" : "");
-  const message = error.message || error.toString();
+  const message = hideDetails
+    ? "internal server error"
+    : error.message || error.toString();
 
   return {
     stack,
