From 9eb668d08ad9ed2e516b59140a297950fee081d4 Mon Sep 17 00:00:00 2001
From: Matthias <xmatthias@outlook.com>
Date: Mon, 9 Feb 2026 19:58:36 +0100
Subject: [PATCH] chore: improve response security

---
 freqtrade/rpc/api_server/api_v1.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/freqtrade/rpc/api_server/api_v1.py b/freqtrade/rpc/api_server/api_v1.py
index 34cf165bf..366dabead 100644
--- a/freqtrade/rpc/api_server/api_v1.py
+++ b/freqtrade/rpc/api_server/api_v1.py
@@ -147,7 +147,7 @@ def get_strategy(
     strategy: str, config=Depends(get_config), rpc: RPC | None = Depends(get_rpc_optional)
 ):
     if ":" in strategy:
-        raise HTTPException(status_code=500, detail="base64 encoded strategies are not allowed.")
+        raise HTTPException(status_code=422, detail="base64 encoded strategies are not allowed.")
 
     if not rpc or config["runmode"] == RunMode.WEBSERVER:
         # webserver mode
@@ -162,7 +162,11 @@ def get_strategy(
         except OperationalException:
             raise HTTPException(status_code=404, detail="Strategy not found")
         except Exception as e:
-            raise HTTPException(status_code=502, detail=str(e))
+            logger.exception("Unexpected error while loading strategy '%s'.", strategy)
+            raise HTTPException(
+                status_code=502,
+                detail="Unexpected error while loading strategy.",
+            )
     else:
         # trade mode
         strategy_obj = rpc._freqtrade.strategy