maoosi/prisma-appsync

Feature: new `unsecureGraphQLErrors` client option to enable unfiltered errors in GraphQL response

Tenrys opened this issue · 3 comments

Tenrys commented

image

Here the issue is that if you have a filter with only null (undefined) values for fields that are non-nullable, Prisma will crash as that is not a valid query.

It would be nice if Prisma AppSync silently "collapsed" the filter to prevent a mistake, or alternatively, gave the proper error. The "cause" bit in that screenshot is my own change to the library in order to demonstrate the issue.

This only happened while dynamically generating the query through front-end code, of course.

maoosi commented

@Tenrys In theory, you should already be able to access the appropriate underlying error from your Terminal (CloudWatch on AWS). Please let me know if this is not the case.

The GraphQL response is intentionally designed to provide only a high-level summary of the underlying error. We avoid displaying explicit details in the response for security reasons, as we do not want to expose internal information to anyone querying your API.

My initial thoughts on this issue are that we should not suppress errors silently, as users might assume their query was successful when it was actually invalid.

Ideally, we would report a more specific error, but this would be a significant undertaking since Prisma Client does not generate simple error messages. As a result, we would need to identify non-nullable fields from your schema, pass this information to the runtime, and parse all queries to verify and report their validity.

Tenrys commented

It is visible on CloudWatch, but for the other developers on my team trying to use the API I'm building for them, it is time-consuming having to dig up the logs for that request every time something does crash. I would like to have the option to show more raw details at least if there was a way to flag the API as being "in development" or such.

maoosi commented

We could imagine a new client option to enable unfiltered errors in GraphQL response. However, since it is not a good security practice, I would name it accordingly:

```js
const prismaAppSync = new PrismaAppSync({ unsecureGraphQLErrors: true })
```
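The trade-off discussed in this thread (full detail in server logs, a filtered error in the GraphQL response, raw details only behind an explicit opt-in) can be sketched as follows. This is an added example, not code from prisma-appsync or from the thread: the helper names, the `stage` label, the `requestId` values and the sample error are assumptions constructed for illustration, and refusing the opt-in when `stage` is `production` is a design choice of this sketch.

```javascript
// Added example: hypothetical helpers, not part of the prisma-appsync API.
const GENERIC_MESSAGE = 'Internal error. Quote the requestId to find details in the server logs.'

// Raw details reach the client only when the option is set AND the stage is not production.
// `stage` is an assumed deployment label (for example, read from an environment variable).
function shouldExposeDetails(options, stage) {
  return options.unsecureGraphQLErrors === true && stage !== 'production'
}

// Flatten an error and its `cause` chain into plain strings (bounded depth).
function describe(err) {
  const chain = []
  for (let e = err, depth = 0; e && depth < 5; e = e.cause, depth++) {
    chain.push(e instanceof Error ? `${e.name}: ${e.message}` : String(e))
  }
  return chain
}

// Always logs the full error server-side, then returns the body sent to the client.
// The requestId lets a developer jump from the response to the matching log entry.
function toClientError(err, { requestId, options = {}, stage = 'production', log = console.error }) {
  const chain = describe(err)
  log(JSON.stringify({ level: 'error', requestId, chain, stack: err && err.stack }))
  const body = { message: GENERIC_MESSAGE, requestId }
  if (shouldExposeDetails(options, stage)) body.details = chain
  return body
}

// Constructed sample: an error with a nested cause, standing in for a failed query.
function demo() {
  const err = new Error('Query failed', {
    cause: new TypeError('filter on non-nullable field "title" contains only null values'),
  })
  const logged = []
  const log = (line) => logged.push(line)
  const options = { unsecureGraphQLErrors: true }
  const prod = toClientError(err, { requestId: 'req-0001', options, stage: 'production', log })
  const dev = toClientError(err, { requestId: 'req-0002', options, stage: 'development', log })
  return { prod, dev, logged }
}
```

In both stages the client receives the `requestId`, so the matching log entry can be found without scanning every request.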