video-accessibility/backend/app/api
Vadym Samoilenko e81acebc45 security: remove exception detail from /auth/refresh response (C-03)
Replaced the bare except that leaked str(e) (JWT library internals,
claim validation messages) with a generic "Invalid refresh token" detail.
Full traceback is now logged server-side via the structured logger.
Re-raises HTTPException before the generic handler so valid 401s from
inner checks are not double-wrapped.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-29 14:11:59 +01:00
v1 security: remove exception detail from /auth/refresh response (C-03) 2026-04-29 14:11:59 +01:00