Various API end points return no information at all about the error when an exception is thrown

[simon-20]

Brief Description
In pub-get-stats-all/index.js, when an exception is thrown, the app returns a server 500 and attempts to convert the exception to a JSON object to send back to the client.

But this conversion process is broken, meaning that the client never receives any details about the error, just a 500 status with no further information.

The problem is that calling JSON.stringify(err) on an exception object err returns {}. The call needs to be JSON.stringify(err, Object.getOwnPropertyNames(err)).

[tillywoodfield]

@simon-20, for a 500 error, would it be better to log the exception details, rather than return them to the user, as it exposes information about the internal workings of the app?

[simon-20]

@simon-20, for a 500 error, would it be better to log the exception details, rather than return them to the user, as it exposes information about the internal workings of the app?

Hi Tilly, that's probably a good idea, even just for security reasons. It's likely to be IATI Devs who are using this info, though, so perhaps not something completely generic?