From 9e576ce0416bc4fe16893c543b616b706b2214f6 Mon Sep 17 00:00:00 2001 From: Zak Barbuto Date: Tue, 31 Jan 2017 08:45:25 +1030 Subject: [PATCH] Describe "safeFields" option in README --- README.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/README.md b/README.md index 3759f3e..8be6ffe 100644 --- a/README.md +++ b/README.md @@ -79,6 +79,7 @@ The content type of the response depends on the request's `Accepts` header. | ---- | ---- | ---- | ---- | | debug | Boolean    | `false` | If `true`, HTTP responses include all error properties, including sensitive data such as file paths, URLs and stack traces. See [Example output](#example) below. | | log | Boolean | `true` | If `true`, all errors are printed via `console.error`, including an array of fields (custom error properties) that are safe to include in response messages (both 4xx and 5xx).
If `false`, sends only the error back in the response. | +| safeFields | [String] | `[]` | Specifies property names on errors that are allowed to be passed through in 4xx and 5xx responses. See [Safe error fields](#safe-error-fields) below. | ### Customizing log format @@ -124,6 +125,34 @@ Then in `server/middleware.json`, specify your custom error logging function as The default `middleware.development.json` file explicitly enables logging in strong-error-handler params, so you will need to change that file too. +### Safe error fields + +By default, `strong-error-handler` will only pass through the `name`, `message` and `details` properties of an error. Additional error +properties may be allowed through on 4xx and 5xx status code errors using the `safeFields` option to pass in an array of safe field names: + +``` +{ + "final:after": { + "strong-error-handler": { + "params": { + "safeFields": ["errorCode"] + } + } +} +``` + +Using the above configuration, an error containing an `errorCode` property will produce the following response: + +``` +{ + "error": { + "statusCode": 500, + "message": "Internal Server Error", + "errorCode": "INTERNAL_SERVER_ERROR" + } +} +``` + ## Migration from old LoopBack error handler NOTE: This is only required for applications scaffolded with old versions of the `slc loopback` tool.