Excluding password
The password should never be returned in the response.
The next issue is extremely easy to solve. In order to avoid sending the password in the response, we just need to perform two simple steps.
In fact, the first step, enabling the ClassSerializerInterceptor globally, has already been performed. We did this when we used the @Expose() decorator for the first time.
So, all that's left to do is to go back to the user.entity file and, over the password field, use the @Exclude() decorator. Now, this field is not sent in the response anymore.
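A regression check for this guarantee, as an added example that is not part of the project's code: a dependency-free helper for e2e tests that walks a parsed response body and reports where a forbidden key still appears. This matters because the interceptor only applies @Exclude() to entity instances, so a handler that returns a plain object can still leak the field. The helper name, the key list and the sample bodies are assumptions constructed for illustration.

```typescript
// Keys that must never appear in any API response (assumed list; extend as needed).
const FORBIDDEN_KEYS: string[] = ['password'];

// Recursively walk a parsed JSON body and return the JSON path of every
// forbidden key found. Key matching is case-insensitive.
function findLeakedFields(
  body: unknown,
  forbidden: string[] = FORBIDDEN_KEYS,
  path: string = '$',
): string[] {
  const leaks: string[] = [];
  if (Array.isArray(body)) {
    body.forEach((item, i) => {
      leaks.push(...findLeakedFields(item, forbidden, `${path}[${i}]`));
    });
    return leaks;
  }
  if (body === null || typeof body !== 'object') {
    return leaks; // primitives cannot contain keys
  }
  const wanted = forbidden.map((k) => k.toLowerCase());
  const record = body as Record<string, unknown>;
  for (const key of Object.keys(record)) {
    const here = `${path}.${key}`;
    if (wanted.indexOf(key.toLowerCase()) !== -1) {
      leaks.push(here);
    }
    leaks.push(...findLeakedFields(record[key], forbidden, here));
  }
  return leaks;
}

// Constructed sample: what the endpoint returns once @Exclude() is applied.
const serializedUser = { id: 1, name: 'Alice', email: 'alice@example.com' };

// Constructed sample: a paginated body built from plain objects, where the
// decorator was never applied and the hash slipped through.
const leakyList = {
  data: [{ id: 1, name: 'Alice', password: '$2b$10$constructed-hash' }],
  total: 1,
};

console.log(findLeakedFields(serializedUser)); // []
console.log(findLeakedFields(leakyList)); // [ '$.data[0].password' ]
```

In an e2e test, pass each endpoint's parsed response body to findLeakedFields and fail the test when the returned array is not empty.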
Commit - Excluding password from response