Frontend Get User-Flow Errors API exposes technical details

[OskarsPakers]

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

When there are errors during the login flow, e.g. connectivity isseus to the database, error response might contain technical details such as IP addresses. It is frontend API hence all details visible/accisible to the user.

Reproducing the bug

Easiest way to reproduce is stopping database after flow is started and choose authentication provider.

{
"error": {
"code": 500,
"status": "Internal Server Error",
"message": "FATAL: terminating connection due to administrator command (SQLSTATE 57P01)"
}
}

If there are issues in connecting to openid provider it might as well return IP addresses e.g.

{
"id": "86699ea5-8293-4f3f-80e3-f71265444714",
"error": {
"code": 500,
"status": "Internal Server Error",
"message": "unable to fetch records: write failed: write tcp 127.0.0.1:50556->127.0.0.1:5432: write: broken pipe"
},
"created_at": "2024-09-06T09:09:39.895651Z",
"updated_at": "2024-09-06T09:09:39.895651Z"
}

Relevant log output

No response

Relevant configuration

No response

Version

v1.2.0

On which operating system are you observing this issue?

Windows

In which environment are you deploying?

Docker Compose

Additional Context

No response