import {
send,
setResponseHeader,
setResponseHeaders,
setResponseStatus
} from "h3";
import { defineNitroErrorHandler } from "./internal/error/utils.mjs";
import { isJsonRequest, normalizeError } from "./utils.mjs";
export { defineNitroErrorHandler } from "./internal/error/utils.mjs";
const isDev = process.env.NODE_ENV === "development";
export default defineNitroErrorHandler(
function defaultNitroErrorHandler(error, event) {
const { stack, statusCode, statusMessage, message } = normalizeError(
error,
isDev
);
const showDetails = isDev && statusCode !== 404;
const errorObject = {
url: event.path || "",
statusCode,
statusMessage,
message,
stack: showDetails ? stack.map((i) => i.text) : void 0
};
if (error.unhandled || error.fatal) {
const tags = [
"[request error]",
error.unhandled && "[unhandled]",
error.fatal && "[fatal]"
].filter(Boolean).join(" ");
console.error(
tags,
error.message + "\n" + stack.map((l) => " " + l.text).join(" \n")
);
}
if (statusCode === 404) {
setResponseHeader(event, "Cache-Control", "no-cache");
}
setResponseHeaders(event, {
// Disable the execution of any js
"Content-Security-Policy": "script-src 'none'; frame-ancestors 'none';",
// Prevent browser from guessing the MIME types of resources.
"X-Content-Type-Options": "nosniff",
// Prevent error page from being embedded in an iframe
"X-Frame-Options": "DENY",
// Prevent browsers from sending the Referer header
"Referrer-Policy": "no-referrer"
});
setResponseStatus(event, statusCode, statusMessage);
if (isJsonRequest(event)) {
setResponseHeader(event, "Content-Type", "application/json");
return send(event, JSON.stringify(errorObject));
}
setResponseHeader(event, "Content-Type", "text/html");
return send(event, renderHTMLError(errorObject));
}
);
function renderHTMLError(error) {
const statusCode = error.statusCode || 500;
const statusMessage = error.statusMessage || "Request Error";
return `
${statusCode} ${statusMessage}
`;
}