Do not expose health check data in health handler

Because health check errors may expose sensitive data, we shouldn't expose the details of the failure to clients. Instead, an error is returned to the client with a hint about where they could find further information on why the service is down. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-06 16:26:31 -07:00 · 2015-08-06 16:26:31 -07:00 · a68e081de4
parent f141480d98
commit a68e081de4
1 changed files with 3 additions and 1 deletions
--- a/health/health.go
+++ b/health/health.go
@ -8,6 +8,7 @@ import (
 	"time"

 	"github.com/docker/distribution/context"
+	"github.com/docker/distribution/registry/api/errcode"
 )

 var (
@ -214,7 +215,8 @@ func Handler(handler http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		checks := CheckStatus()
 		if len(checks) != 0 {
-			statusResponse(w, r, http.StatusServiceUnavailable, checks)
+			errcode.ServeJSON(w, errcode.ErrorCodeUnavailable.
+				WithDetail("health check failed: please see /debug/health"))
 			return
 		}