When I'm on a development server and there is an error, Express sends the traceback as a response.

However, this is not good for production. I don't want anyone seeing my trackback.

How can I turn this off?

Note: I'm using EJS as a template engine - this may be the cause, and not express. When I have an undefined variable in the ejs template, for example, ejs renders the traceback and displays it to the user on a white page.

The latest version of Express use smart default error handler.

In development mode it sends full stack trace back to the browser, while in production mode it sends only 500 Internal Server Error.

To take advantage of it you should set proper NODE_ENV before running your application.

For example, to run your app in production mode:

NODE_ENV=production node application.js

But if you don't like this default behavior, you could define your own error handler:

app.use(function(err, req, res, next){
  console.error(err);
  res.status(500);
  res.render('error');
});

Note that error handler must be the last middleware in chain, so it should be defined in the bottom of your application.js file.

If you need more information, see:

• Express official documentation
• Blog post about error handling in Express

So errors can be coming from express or ejs. In case of:

1. Express error : Use custom error handling to override the default behaviour. Simply don't send back the error. Read about it on the documentation page. Or you can use already existing middleware such errorhandler like Leonid said to override it.

2. Template error : Due to jade/ejs etc. Again handle the errors instead of default behaviour which is to send them to client. Use a callback and check for errors. If there is don't display them, instead show an error page.

   res.render(your_template, {}, function(err, html) {
       if(err) {
           res.redirect('/error');
       } else {
           res.send(html);
       }
   });