From a46048e55568079e28af4a744de0845456630979 Mon Sep 17 00:00:00 2001
From: eh-steve <16373174+eh-steve@users.noreply.github.com>
Date: Mon, 5 Aug 2024 15:54:13 +0100
Subject: [PATCH 1/2] Bugfix 404 response from getFlowError
---
 examples/nextjs-spa/src/pages/error.tsx | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/examples/nextjs-spa/src/pages/error.tsx b/examples/nextjs-spa/src/pages/error.tsx
index 975c7c469..fc0d38660 100644
--- a/examples/nextjs-spa/src/pages/error.tsx
+++ b/examples/nextjs-spa/src/pages/error.tsx
@@ -51,7 +51,16 @@ const Error: NextPageWithLayout = () => {
 .then(({ data }) => {
 setError(JSON.stringify(data, null, 2))
 })
- .catch(handleError)
+ .catch((error: AxiosError) => {
+ switch (error.response?.status) {
+ case 404: {
+ // The kratos handler for /self-service/errors?id=some_error_id currently only handles id=stub:500, and will 404 for everything else
+ // See https://github.com/ory/kratos/blob/4fb28b363622bb21ce12d9f89d2ceb4649aa0cba/selfservice/errorx/handler.go#L106
+ return;
+ }
+ }
+ handleError(error).then();
+ });
 }
 }, [err, id, router.isReady, handleError])
From fab7813130485f3de3a2812d69f1a438b27ba0d6 Mon Sep 17 00:00:00 2001
From: Anonymous
Date: Mon, 5 Aug 2024 16:43:27 +0100
Subject: [PATCH 2/2] Redact passwords from error payloads
---
 examples/nextjs-spa/src/pkg/hooks.tsx | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/examples/nextjs-spa/src/pkg/hooks.tsx b/examples/nextjs-spa/src/pkg/hooks.tsx
index b05110d27..eaa63c799 100644
--- a/examples/nextjs-spa/src/pkg/hooks.tsx
+++ b/examples/nextjs-spa/src/pkg/hooks.tsx
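Review bot: In examples/nextjs-spa/src/pages/error.tsx, `handleError(error).then();` at the end of the new `.catch` callback leaves the promise floating: the empty `.then()` does nothing, and a rejection from `handleError` would surface as an unhandled rejection instead of on the error page. Attach a handler, for example `handleError(error).catch((e: unknown) => setError(String(e)))`. The 404 branch also returns without calling `setError`, so the page appears to render with no message for an unknown id; a short fallback such as `setError("Error details not found")` before the `return` would make that state visible. The enclosing `useEffect` starts outside the hunk.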
@@ -21,6 +21,18 @@ export const HandleError = (
 return Promise.resolve()
 }
+ const configData = error.config?.data;
+ if (error.config && configData && (typeof configData === "string" || configData instanceof String)) {
+ // Sanitise any payloads where the top level key is "password" so they don't end up in the URLs
+ try {
+ const parsedData = JSON.parse(configData.toString());
+ if (parsedData.password) {
+ parsedData.password = "REDACTED";
+ }
+ error.config.data = JSON.stringify(parsedData);
+ } catch (e) {}
+ }
+
 const responseData = error.response?.data || {}
 switch (error.response?.status) {
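Review bot: The redaction added before `const responseData` fails open: it rewrites only a top-level `password` key, and only when `error.config.data` is a JSON string, while the empty `catch (e) {}` leaves the original body untouched if parsing fails. Other secrets in the request (nested credential fields, one-time codes, non-JSON bodies, and possibly headers carried on `error.config`) could still reach whatever builds the URL the comment refers to; that code is outside this hunk. URLs persist in browser history, proxy and server logs, and Referer headers, so a one-key deny-list is fragile. Prefer dropping the request body before serialising, e.g. `if (error.config) { error.config.data = undefined }`, or serialise only an allow-list such as `error.response?.status` and `error.response?.data`. `HandleError`'s body starts and ends outside the hunk.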