From e4b0d11b19bc3bafee08a03f4165aa1f5c82b5bc Mon Sep 17 00:00:00 2001
From: Ankush Menat <ankush@frappe.io>
Date: Thu, 13 Mar 2025 14:48:20 +0530
Subject: [PATCH] fix: only show tracebacks to system users (#31629)

Website users by design are supposed to be "less trusted", so don't show
tracebacks to them.
---
 frappe/frappeclient.py       | 15 +++++++++++----
 frappe/tests/test_website.py |  4 ++--
 frappe/utils/response.py     |  3 +++
 3 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/frappe/frappeclient.py b/frappe/frappeclient.py
index f58ada84b1..5cf6a91293 100644
--- a/frappe/frappeclient.py
+++ b/frappe/frappeclient.py
@@ -369,12 +369,19 @@ class FrappeClient:
 			print(response.text)
 			raise
 
-		if rjson and ("exc" in rjson) and rjson["exc"]:
+		if rjson and (rjson.get("exc") or rjson.get("exc_type") or rjson.get("errors")):
 			try:
-				exc = json.loads(rjson["exc"])[0]
-				exc = "FrappeClient Request Failed\n\n" + exc
+				exception = ""
+				if rjson.get("exc"):
+					exception = json.loads(rjson["exc"])[0]
+				elif rjson.get("exc_type"):  # Just have type available
+					exception = json.loads(rjson["exc_type"])[0]
+				elif errors := rjson.get("errrors"):
+					exception = errors[0].get("exception") or errors[0].get("type")
+
+				exc = "FrappeClient Request Failed\n\n" + exception
 			except Exception:
-				exc = rjson["exc"]
+				exc = rjson.get("exc")
 
 			raise FrappeException(exc)
 		if "message" in rjson:
diff --git a/frappe/tests/test_website.py b/frappe/tests/test_website.py
index e44ab92205..1309579f36 100644
--- a/frappe/tests/test_website.py
+++ b/frappe/tests/test_website.py
@@ -340,12 +340,12 @@ class TestWebsite(IntegrationTestCase):
 	def test_safe_render(self):
 		content = get_response_content("/_test/_test_safe_render_on")
 		self.assertNotIn("Safe Render On", content)
-		self.assertIn("frappe.exceptions.ValidationError: Illegal template", content)
+		self.assertIn("Show Error", content)
 
 		content = get_response_content("/_test/_test_safe_render_off")
 		self.assertIn("Safe Render Off", content)
 		self.assertIn("test.__test", content)
-		self.assertNotIn("frappe.exceptions.ValidationError: Illegal template", content)
+		self.assertNotIn("Show Error", content)
 
 	def test_never_render(self):
 		from pathlib import Path
diff --git a/frappe/utils/response.py b/frappe/utils/response.py
index 6849f3bbb3..52381281db 100644
--- a/frappe/utils/response.py
+++ b/frappe/utils/response.py
@@ -59,10 +59,13 @@ def report_error(status_code):
 
 
 def is_traceback_allowed():
+	from frappe.permissions import is_system_user
+
 	return (
 		frappe.db
 		and frappe.get_system_settings("allow_error_traceback")
 		and (not frappe.local.flags.disable_traceback or frappe._dev_server)
+		and is_system_user()
 	)