From 70d36ce0ebdf323bb6e7605e0744311e61635ba8 Mon Sep 17 00:00:00 2001 From: andrealungh1 Date: Tue, 12 Aug 2025 19:32:58 -0400 Subject: [PATCH] added generic error handling to prevent detail leaks --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 81762fe..63b4124 100644 --- a/README.md +++ b/README.md @@ -67,6 +67,7 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Send `Content-Security-Policy: default-src 'none'` header. - [ ] Remove fingerprinting headers - `X-Powered-By`, `Server`, `X-AspNet-Version`, etc. - [ ] Force `content-type` for your response. If you return `application/json`, then your `content-type` response is `application/json`. +- [ ] Do not return overly specific error messages to the client that could reveal implementation details, use generic messages instead, and log detailed information only on the server side. - [ ] Don't return sensitive data like `credentials`, `passwords`, or `security tokens`. - [ ] Return the proper status code according to the operation completed. (e.g., `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc.).
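Review bot: the new checklist line in the single hunk of README.md is a comma splice ("...that could reveal implementation details, use generic messages instead, and log detailed information only on the server side") and is harder to read than the neighbouring one-clause items; split it into two short sentences, e.g. "Do not return overly specific error messages that could reveal implementation details to the client. Use generic messages instead, and log the detailed information only on the server side." The surrounding item uses "Don't return sensitive data ...", so "Don't" would also match the list's existing wording. The placement, between the `content-type` item and the sensitive-data item, fits the list, and the phrasing "generic messages" with server-side logging matches the commit subject.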