Do not expose health check data in health handler
Because health check errors may expose sensitive data, we shouldn't expose the details of the failure to clients. Instead, an error is returned to the client with a hint about where they could find further information on why the service is down. Signed-off-by: Stephen J Day <stephen.day@docker.com>
This commit is contained in:
Stephen J Day
parent
f141480d98
commit
a68e081de4
1 changed files with 3 additions and 1 deletions
|
|
@ -8,6 +8,7 @@ import (
|
|||
"time"
|
||||
|
||||
"github.com/docker/distribution/context"
|
||||
"github.com/docker/distribution/registry/api/errcode"
|
||||
)
|
||||
|
||||
var (
|
||||
|
|
@ -214,7 +215,8 @@ func Handler(handler http.Handler) http.Handler {
|
|||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
checks := CheckStatus()
|
||||
if len(checks) != 0 {
|
||||
statusResponse(w, r, http.StatusServiceUnavailable, checks)
|
||||
errcode.ServeJSON(w, errcode.ErrorCodeUnavailable.
|
||||
WithDetail("health check failed: please see /debug/health"))
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue