-
|
Hello, I'm wondering if there's a way to suppress Frost's request error messages. Looking through the Frost server documentation, I haven't found any configuration parameters that would facilitate the suppression. Specifically, if a user provides an invalid query the error message will in some cases contain the strings from the request. While this does a let user know they've made an error, it has been flagged by automated security scanners as being a cross-site scripting vulnerability. I'm wondering if there is a way to suppress those error messages as a heavy handed remediation approach.
Many thanks! |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
|
Currently there is no way to suppress the error messages in FROST itself. That would have to be done in a reverse proxy. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for your response! |
Beta Was this translation helpful? Give feedback.
-
|
Another option might be to sanitize the user output and replace ever character that is not in |
Beta Was this translation helpful? Give feedback.
-
|
That's a good idea. I'll give that a go first. |
Beta Was this translation helpful? Give feedback.
Currently there is no way to suppress the error messages in FROST itself. That would have to be done in a reverse proxy.
It would be an interesting option to add...