socketry / falcon

A high-performance web server for Ruby, supporting HTTP/1, HTTP/2 and TLS.
https://socketry.github.io/falcon/
MIT License
2.59k stars, 79 forks

Option to avoid leaking exception messages in the response body #98

Open davidor opened 4 years ago

davidor commented 4 years ago

When the application raises an exception, Falcon returns the message of the exception in the response body. I think it would be great to introduce a flag to disable this. In development environments seeing the exception message can be helpful. However, in a production environment, we might want to show a generic error message instead.

Puma has an option to do this: https://github.com/puma/puma/blob/6baa4d8e1c88f2e4db2918df48416a5c49feec40/lib/puma/server.rb#L919

Is there a way to do this in Falcon? I have not found anything in the docs. If there isn't a way to do this, @ioquatix would you be open to introducing this feature? I'm happy to help.

ioquatix commented 4 years ago

It's a good idea.

It probably fits in with falcon host, which is intended for production, more than falcon serve, which is intended for development. You'd need to check the master branch and look at Falcon::Service::Application and consider adding a new option to the host configuration, or simply disabling it by default, which might make more sense for production.
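An application-level way to get the behaviour requested in this issue today, added here as an example (it is not Falcon's code and not the server option being discussed): a Rack middleware that keeps the full exception in the server log and returns a generic 500 body unless a `show_exceptions` flag is on. The flag name, middleware name and the failing sample app are assumptions made for the example.

```ruby
# Added example, not part of Falcon. Rack middleware that stops exception
# messages from reaching the client in production while still logging them.
require 'logger'

class SafeErrorMiddleware
  GENERIC_BODY = "Internal Server Error\n".freeze

  # show_exceptions: true for development (message in body), false for production.
  def initialize(app, show_exceptions:, logger: Logger.new($stderr))
    @app = app
    @show_exceptions = show_exceptions
    @logger = logger
  end

  def call(env)
    @app.call(env)
  rescue StandardError => e
    # Full detail always stays server-side, whatever the mode.
    @logger.error("#{e.class}: #{e.message}\n#{Array(e.backtrace).first(5).join("\n")}")
    body = @show_exceptions ? "#{e.class}: #{e.message}\n" : GENERIC_BODY
    [500,
     { 'content-type' => 'text/plain', 'content-length' => body.bytesize.to_s },
     [body]]
  end
end

# Constructed sample app: fails with a message that reveals internal infrastructure.
FAILING_APP = lambda do |_env|
  raise RuntimeError, 'PG::ConnectionBad: could not connect to server db.internal:5432'
end

# Production mode: generic body, detail only in the (here discarded) log.
def production_response
  SafeErrorMiddleware.new(FAILING_APP, show_exceptions: false,
                          logger: Logger.new(IO::NULL)).call({})
end

# Development mode: the exception class and message are returned to the client.
def development_response
  SafeErrorMiddleware.new(FAILING_APP, show_exceptions: true,
                          logger: Logger.new(IO::NULL)).call({})
end
```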