Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure stack traces are removed from all server side errors #5541

Merged
merged 9 commits into from
Mar 21, 2023

Conversation

brophdawg11
Copy link
Contributor

Ensure all server-side flows are stripping Error stack traces in production mode, including document requests, data requests, resource requests, and deferred responses.

Closes: #5445
Related: #5446, #5199

Testing Strategy: new integration tests

@changeset-bot
Copy link

changeset-bot bot commented Feb 22, 2023

🦋 Changeset detected

Latest commit: a40c141

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 18 packages
Name Type
@remix-run/server-runtime Patch
@remix-run/cloudflare Patch
@remix-run/deno Patch
@remix-run/dev Patch
@remix-run/node Patch
@remix-run/react Patch
@remix-run/cloudflare-pages Patch
@remix-run/cloudflare-workers Patch
create-remix Patch
@remix-run/css-bundle Patch
@remix-run/architect Patch
@remix-run/express Patch
@remix-run/netlify Patch
@remix-run/testing Patch
@remix-run/vercel Patch
@remix-run/serve Patch
remix Patch
@remix-run/eslint-config Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

expect(html).not.toMatch("RESOLVED");
expect(html).toMatch('{"message":"REJECTED"}');
// TODO: I think we should be getting the stack here too?
expect(html).toMatch(/stack/i);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jacob-ebey Should we get the stack here? I think it might have something to do with not having NODE_ENV set right in the E2E setup?

let html = await response.text();
expect(html).toMatch("Defer Error");
expect(html).not.toMatch("RESOLVED");
// TODO: is this expected or should we get "Unexpected Server Error" here?
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jacob-ebey I think this isn't working also because of NODE_ENV?

Comment on lines +55 to +62
export function sanitizeError<T = unknown>(error: T, serverMode: ServerMode) {
if (error instanceof Error && serverMode !== ServerMode.Development) {
let sanitized = new Error("Unexpected Server Error");
sanitized.stack = undefined;
return sanitized;
}
return error;
}
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be the underlying method that every Error runs through

error: Error,
serverMode: ServerMode
): SerializedError {
let sanitized = sanitizeError(error, serverMode);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sanitize all errors before serializing them

@@ -89,7 +89,7 @@ export const createRequestHandler: CreateRequestHandlerFunction = (
let match = matches!.find((match) => match.route.id == routeId)!;
response = await build.entry.module.handleDataRequest(response, {
context: loadContext,
params: match.params,
params: match ? match.params : {},
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Be defensive in the case of /valid-route?_data=not-a-valid-route

headers: {
"X-Remix-Error": "yes",
},
});
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

errorBoundaryError was only being used in this one spot so I inlined it

// Sanitize errors outside of development environments
if (context.errors) {
context.errors = sanitizeErrors(context.errors, serverMode);
}
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sanitize before we render from this context

@brophdawg11 brophdawg11 force-pushed the brophdawg11/sanitize-errors branch from 8ae953f to ef3042e Compare March 6, 2023 23:22
@brophdawg11 brophdawg11 self-assigned this Mar 17, 2023
@brophdawg11 brophdawg11 merged commit 074b5e8 into dev Mar 21, 2023
@brophdawg11 brophdawg11 deleted the brophdawg11/sanitize-errors branch March 21, 2023 19:04
@github-actions github-actions bot added the awaiting release This issue has been fixed and will be released soon label Mar 21, 2023
@github-actions
Copy link
Contributor

🤖 Hello there,

We just published version v0.0.0-nightly-d6c9737-20230322 which includes this pull request. If you'd like to take it for a test run please try it out and let us know what you think!

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
awaiting release This issue has been fixed and will be released soon CLA Signed package:server-runtime renderer:react
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants