@@ -2061,12 +2061,36 @@ def _load_or_create_secret_key():
20612061app .config ['SESSION_COOKIE_HTTPONLY' ] = True
20622062app .config ['REMEMBER_COOKIE_SECURE' ] = True
20632063app .config ['SESSION_COOKIE_SAMESITE' ] = 'Lax'
2064+ app .config ['PROPAGATE_EXCEPTIONS' ] = False
2065+ app .config ['TRAP_HTTP_EXCEPTIONS' ] = True
20642066app .config ["fd" ] = None
20652067app .config ["child_pid" ] = None
20662068app .jinja_env .filters ['fromjson' ] = fromjson
20672069app .jinja_env .filters ['markdown' ] = markdown_to_html
20682070BASE_DIR = os .getcwd ()
20692071TOOLS_DIR = f'{ BASE_DIR } /tools'
2072+
2073+
2074+ @app .errorhandler (404 )
2075+ def _handle_404 (_error ):
2076+ return jsonify ({"error" : "not found" }), 404
2077+
2078+
2079+ @app .errorhandler (405 )
2080+ def _handle_405 (_error ):
2081+ return jsonify ({"error" : "method not allowed" }), 405
2082+
2083+
2084+ @app .errorhandler (Exception )
2085+ def _handle_exception (error ):
2086+ """Generic error handler that never leaks stack traces or exception messages.
2087+
2088+ Even when ``config.enable_c2_debug`` is on, the response body stays
2089+ generic. Verbose details are still logged server-side for operators.
2090+ """
2091+ if config .enable_c2_debug :
2092+ logger .exception ("[c2] unhandled exception: %s" , error )
2093+ return jsonify ({"error" : "internal server error" }), 500
20702094BASE_DIR += "/sessions/"
20712095UPLOAD_FOLDER = BASE_DIR + 'uploads'
20722096app .config ['UPLOAD_FOLDER' ] = UPLOAD_FOLDER
0 commit comments