You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Create a service with a unique index
Create an object
Create a second object with the same index
Expected behavior
Return a error message that states the object is a duplicate, except for any db specific information.
Something in the line of Duplicate - Index already exists
Actual behavior
You get a 409 Conflict warning containing; full database name, collection name, Index name in DB.
I consider this a potential security 'leak' that allows an attacker to gain information about internals of the system. having the keyValue in the response is fine, but it would be better to have the response message be an object like this (or similar):
It would allow the frontend to easily see what data was invalid, and present that information to the user .. for instance by setting the specific fields to invalid/hasError
Related to #55
Steps to reproduce
Create a service with a unique index
Create an object
Create a second object with the same index
Expected behavior
Return a error message that states the object is a duplicate, except for any db specific information.
Something in the line of
Duplicate - Index already existsActual behavior
You get a 409 Conflict warning containing;
full database name,collection name,Index name in DB.I consider this a potential security 'leak' that allows an attacker to gain information about internals of the system. having the keyValue in the response is fine, but it would be better to have the response message be an object like this (or similar):
It would allow the frontend to easily see what data was invalid, and present that information to the user .. for instance by setting the specific fields to invalid/hasError
System configuration
Node.js 7.4.0
feathers-cli 1.2.7
feathers-mongoose: 3.6.2
The text was updated successfully, but these errors were encountered: