You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Which exposes the fact that A) this is a supergraph and B) some information about the subgraph names. While it's not responding with any revealing information, other connection issues (e.g. DNS) will respond with more data that is not ideal to expose:
{
"message": "HTTP fetch failed from 'shipping': error trying to connect: dns error: no record found for Query { name: Name(\"gql.apollographl.com.localdomain.\"), query_type: AAAA, query_class: IN }",
"path": [
"user",
"orders",
"@"
],
"extensions": {
"code": "SUBREQUEST_HTTP_ERROR",
"service": "shipping",
"reason": "error trying to connect: dns error: no record found for Query { name: Name(\"gql.apollographl.com.localdomain.\"), query_type: AAAA, query_class: IN }"
}
}
Which exposes the address trying to be reached, even if that address doesn't actually exist.
With this in mind, it'd be ideal to hide all router-specific messaging in the errors as to avoid these cases altogether. Additionally, and probably most importantly, these messages are not affected by the:
include_subgraph_errors:
all: false
Setting, so it's impossible to remove without the help of Rhai/coprocessor.
Describe the solution you'd like
A new configuration block to disable router-specific error messages. Proposed example:
By default, the router doesn't include subgraph errors, so it seems odd that you are seeing these. Is router flag --dev set for these invocations? If so, that may be what is causing subgraph errors to be included.
Is your feature request related to a problem? Please describe.
The router by default will respond with a number of different error messages that may not be appropriate for external consumption. For example:
Which exposes the fact that A) this is a supergraph and B) some information about the subgraph names. While it's not responding with any revealing information, other connection issues (e.g. DNS) will respond with more data that is not ideal to expose:
Which exposes the address trying to be reached, even if that address doesn't actually exist.
With this in mind, it'd be ideal to hide all router-specific messaging in the errors as to avoid these cases altogether. Additionally, and probably most importantly, these messages are not affected by the:
Setting, so it's impossible to remove without the help of Rhai/coprocessor.
Describe the solution you'd like
A new configuration block to disable router-specific error messages. Proposed example:
Where we can now disable errors based on the provider - and potentially at a component (e.g query planner, networking, auth, etc) level.
Describe alternatives you've considered
Rhai does work for this in the meantime:
Additional context
n/a
The text was updated successfully, but these errors were encountered: