Critiq Docs

security.misconfiguration

Keep production Rails exception disclosure minimal

Production environments should not enable local-style exception pages or verbose Action Dispatch exception rendering.

#Metadata

Rule ID: ruby.security.rails-detailed-exceptions-enabled
Severity: medium
Confidence: 0.9
Languages: ruby
Presets: security, strict
Stability: stable
Applies to: block
Tags: misconfiguration, rails, ruby, rules-catalog, security

#Why it matters

Detailed exceptions leak stack traces, secrets, and implementation details that attackers can use to refine exploits.

#Remediation

Set `consider_all_requests_local` and `show_detailed_exceptions` to safe defaults, route errors through monitored handlers, and keep `config.action_dispatch.show_exceptions` off verbose modes in production.
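
A minimal check for the boolean settings named above, as an added example (it is not Critiq's rule implementation or code from this page). The line-based matching, the `audit_exception_settings` helper and the sample `production.rb` are assumptions constructed for illustration; a literal `true` is reported as `:enabled` and any non-literal value as `:dynamic`, since an environment-driven value can still turn detailed exceptions on in production.

```ruby
# Added example, not Critiq's rule: a line-based check of the boolean settings
# named in the remediation. Assumes they are set with plain `=` assignments.
WATCHED = %w[consider_all_requests_local show_detailed_exceptions].freeze

Finding = Struct.new(:line, :setting, :value, :verdict)

# Returns a Finding for each watched setting that is not pinned to literal false.
#   :enabled -> literal true; :dynamic -> decided at runtime (ENV, method call)
def audit_exception_settings(source)
  findings = []
  source.each_line.with_index(1) do |raw, lineno|
    # Drop comments. Simplification: a '#' inside a string literal is cut too.
    code = raw.sub(/#.*/m, "").strip
    next if code.empty?

    WATCHED.each do |setting|
      # `=(?![=~])` matches assignment but not the == or =~ comparisons.
      m = code.match(/\b#{Regexp.escape(setting)}\s*=(?![=~])\s*(.+)\z/)
      next unless m

      value = m[1].strip
      next if value == "false"

      verdict = value == "true" ? :enabled : :dynamic
      findings << Finding.new(lineno, setting, value, verdict)
    end
  end
  findings
end

# Constructed sample of a config/environments/production.rb (not from a real app).
SAMPLE_PRODUCTION_RB = <<~'RUBY'
  Rails.application.configure do
    # config.consider_all_requests_local = false
    config.consider_all_requests_local = ENV["DEBUG_ERRORS"] == "1"
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  audit_exception_settings(SAMPLE_PRODUCTION_RB).each do |f|
    puts "line #{f.line}: #{f.setting} = #{f.value} (#{f.verdict})"
  end
end
```

The commented-out `false` on line 2 of the sample has no effect, so the only finding is the environment-driven assignment on line 3.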

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/ruby/ruby.security.rails-detailed-exceptions-enabled.rule.yaml.