diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index bd22674d49bef..f2ca11c88f2a0 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,3 +1,11 @@ +* Use a static error message when raising `ActionDispatch::Http::Parameters::ParseError` + to avoid inadvertently logging the HTTP request body at the `fatal` level when it contains + malformed JSON. + + Fixes #41145 + + *Aaron Lahey* + * Add `Middleware#delete!` to delete middleware or raise if not found. `Middleware#delete!` works just like `Middleware#delete` but will diff --git a/actionpack/lib/action_dispatch/http/parameters.rb b/actionpack/lib/action_dispatch/http/parameters.rb index 1cc3abdd9999b..d2aaf7c936aea 100644 --- a/actionpack/lib/action_dispatch/http/parameters.rb +++ b/actionpack/lib/action_dispatch/http/parameters.rb @@ -17,8 +17,8 @@ module Parameters # Raised when raw data from the request cannot be parsed by the parser # defined for request's content MIME type. class ParseError < StandardError - def initialize - super($!.message) + def initialize(message = $!.message) + super(message) end end @@ -93,7 +93,7 @@ def parse_formatted_parameters(parsers) strategy.call(raw_post) rescue # JSON or Ruby code block errors. log_parse_error_once - raise ParseError + raise ParseError, "Error occurred while parsing request parameters" end end diff --git a/actionpack/test/dispatch/request/json_params_parsing_test.rb b/actionpack/test/dispatch/request/json_params_parsing_test.rb index bbf98912f3b5e..7dc467e36d011 100644 --- a/actionpack/test/dispatch/request/json_params_parsing_test.rb +++ b/actionpack/test/dispatch/request/json_params_parsing_test.rb @@ -80,7 +80,7 @@ def teardown post "/parse", params: json, headers: { "CONTENT_TYPE" => "application/json", "action_dispatch.show_exceptions" => false } end assert_equal JSON::ParserError, exception.cause.class - assert_equal exception.cause.message, exception.message + assert_equal "Error occurred while parsing request parameters", exception.message ensure $stderr = STDERR end