From a087a11453d6aae4c4ff451d219e2ede043b735b Mon Sep 17 00:00:00 2001 From: D045778 Date: Fri, 6 Jun 2025 10:46:35 +0200 Subject: [PATCH] nodejs: document opt out of error sanitization --- node.js/events.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/node.js/events.md b/node.js/events.md index 9158d2e9c..c4a05c9e3 100644 --- a/node.js/events.md +++ b/node.js/events.md @@ -588,3 +588,5 @@ Content-Type: application/json > [!warning] Error Sanitization > In production, error responses should never disclose internal information that could be exploited by attackers. To ensure that, all errors with a `5xx` status code are returned to the client with only the respective generic message (example: `500 Internal Server Error`). +> +> In very rare cases, you might want to return 5xx errors with a meaningful message to the client. This can be achieved with `err.$sanitize = false`. Use that option with care!
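Review bot: The added paragraph ends with "Use that option with care!" but never says what the care consists of, which is weak guidance inside a warning block whose whole point is that 5xx responses must not disclose internal information. Suggest replacing the exclamation with a concrete constraint, for example that `err.$sanitize = false` should only be set on errors whose message was written for the client, and never on a caught internal error that is passed through, since its message may carry exactly the details the preceding paragraph says to withhold. It would also help to state what the client receives once the flag is set (only the message, or further error properties as well) and to name one of the "very rare cases" so readers can judge whether theirs qualifies. Minor style point: the new line writes 5xx as plain text while the existing paragraph above it uses `5xx` in code formatting; make the two consistent.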