35328be26b
Escape strings in HTML output (XSS fix)
...
Modify the template producing HTML error responses to correctly
escape all strings that are possibly coming from the client making the
request. Before this change, the error responses were vulnerable to XSS
(cross-site scripting) attacks.
2018-01-25 14:16:24 +01:00
4d973929c1
Add new option: negotiateContentType
...
The option controls whether response content type is negotiated with
the client and it's enabled by default.
2017-07-20 10:19:29 +02:00
382fffc8b0
Add a machine-readable "code" property
...
Include `error.code` in 4xx responses.
2017-02-01 10:10:20 +01:00
461867de1d
Upgrade dependencies to their latest versions
...
Also:
- fix linting errors after upgrading eslint-config-loopback
- fix a bug discovered by eslint where uknown `?_format`
was throwing an unhandled error
2017-02-01 09:24:21 +01:00
936e2d4838
Stop adding safeFields to original options arg
2017-01-30 14:48:38 +01:00
4e3f6eb6cc
Support options.safeFields
2017-01-30 13:51:34 +01:00
06c53d1f73
xml support added
2017-01-09 19:01:52 +03:00
4b29acdcb0
Test with express instead of http server
2016-06-14 12:04:32 -04:00
5646680e5e
HTML response for accepted headers
2016-06-14 12:04:32 -04:00
9f74606847
Remove statusCode from details in Array errors
...
This is to preserve behavior from strong-remoting rest adapter
2016-05-25 11:12:31 -04:00
ef72b5c0f1
Include err.message and err.name for debug data
...
err.message and err.name are not enumerable,
therefore needs to be explicited added to the data obj
2016-05-20 11:00:03 -04:00
cfde2a8bb0
Handle error from res.statusCode
2016-05-13 11:27:53 -04:00
225d35994b
Initial implementation
...
The response is always JSON
Options supported: log, debug
2016-05-13 13:10:53 +02:00
Zachery Metcalf
Raj
Zak Barbuto
Miroslav Bajtoš
Ahmet Ozisik
David Cheung