fix(routes.js): remove metadata input name on outgoing request

Mitigate cross-site scripting on error fix #137
GluuFederation · Nov 12, 2020 · 1738306 · 1738306
1 parent 4c7f204
commit 1738306
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/server/routes.js b/server/routes.js
@@ -76,7 +76,7 @@ router.get('/auth/meta/idp/:idp',
           if (!fs.existsSync(safeFileFullPath)) {
             var EnoentError = `Requested metadata for ${metaFileName} not found`
             logger.log2('error', EnoentError)
-            res.status(404).send(EnoentError)
+            res.status(404).send('Requested metadata not found')
           } else {
             res.status(500).send(`An error occurred: ${err}`)
             logger.log2('error', err)