How do I hide stackTrace from a request when an error occurs?

When I call / route address with no parameters or when there is an error, in the server response I have redundant information, even about the Java version, which is not safe.

How to disable stackTrace information in server response?
Is there any parameter for production mode?

graphhopper-web-5.3.jar
openjdk version "11.0.15" 2022-04-19
OpenJDK Runtime Environment (build 11.0.15+10-post-Debian-1deb11u1)
OpenJDK 64-Bit Server VM (build 11.0.15+10-post-Debian-1deb11u1, mixed mode, sharing)

In com.graphhopper.http.MultiExceptionMapper remove .entity(e) from the Response in the toResponse method.

You probably want to do the same for com.graphhopper.http.IllegalArgumentExceptionMapper.

To better control your server’s output you could use a proxy as well.

@karussell Why do we do this (add the exception object to the server response, which then includes the error stack trace)?

How do I do it? I only have the graphhopper-web-5.3.jar file.

I have a proxy, but I also need error messages but no trace.

It does not need it, it affects the server’s security anyway.

You need to modify the source code and build the jar from the modified sources.
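
A sketch of the kind of change the replies above describe, as an added example that is not part of the thread and not GraphHopper's own code: a JAX-RS exception mapper that keeps the full exception in the server log and returns only the message to the client. The class name `MessageOnlyExceptionMapper`, the `message`/`errorId` field names, and the presence of `javax.ws.rs`, SLF4J and a JSON provider for `Map` entities are assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.UUID;

import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Hypothetical mapper (not a GraphHopper class): the client still gets the
// error message, but the Throwable is never handed to the JSON serializer.
@Provider
public class MessageOnlyExceptionMapper implements ExceptionMapper<IllegalArgumentException> {
    private static final Logger logger = LoggerFactory.getLogger(MessageOnlyExceptionMapper.class);

    @Override
    public Response toResponse(IllegalArgumentException e) {
        // Correlation id so an operator can find the full trace in the server log.
        String errorId = UUID.randomUUID().toString();
        // Trailing Throwable argument: SLF4J logs the stack trace server-side only.
        logger.warn("bad request, errorId={}", errorId, e);

        // Build the body from selected fields instead of passing the exception
        // object to .entity(...), which would expose whatever it serializes to.
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("message", e.getMessage() == null ? "Bad request" : e.getMessage());
        body.put("errorId", errorId);

        return Response.status(Response.Status.BAD_REQUEST)
                .entity(body)
                .type(MediaType.APPLICATION_JSON)
                .build();
    }
}
```

Exception messages can carry internal detail as well, so check which exception types a mapper like this is registered for before exposing `getMessage()` unchanged.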

Then maybe it is worth introducing some argument while running the JAR file to disable this, it will affect the security suing

I don’t think so. But I do wonder why we add the stack trace in the first place.
