Do not expose health check data in health handler

Because health check errors may expose sensitive data, we shouldn't expose the
details of the failure to clients. Instead, an error is returned to the client
with a hint about where they could find further information on why the service
is down.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
This commit is contained in:
Stephen J Day 2015-08-06 16:26:31 -07:00
parent f141480d98
commit a68e081de4

View file

@ -8,6 +8,7 @@ import (
"time" "time"
"github.com/docker/distribution/context" "github.com/docker/distribution/context"
"github.com/docker/distribution/registry/api/errcode"
) )
var ( var (
@ -214,7 +215,8 @@ func Handler(handler http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
checks := CheckStatus() checks := CheckStatus()
if len(checks) != 0 { if len(checks) != 0 {
statusResponse(w, r, http.StatusServiceUnavailable, checks) errcode.ServeJSON(w, errcode.ErrorCodeUnavailable.
WithDetail("health check failed: please see /debug/health"))
return return
} }