Make bad request exception generic unless in debug mode (0.15) #1131
(This is a 0.15 port of #1128. The README is outdated and it's not entirely clear which branches are stable now, but it seems to be 0.15 and 1.0. I'm unsure if this will be accepted, I will add doc and possibly tests if there is some approval.)
Exceptions and specifically stack traces should not be shown in production. This bundle has a customisable error handler, but as the documentation states: "Only query parsed error won't be replaced.". I could make my own `Parser` override class which catches the exceptions in prod mode, but then how can I produce a usable JSON response? I needed to modify the `GraphController` to do that.

The fix is to check `kernel.debug` and catch bad request exceptions. If debug mode is enabled, it rethrows the exception (i.e. works as before). If disabled (prod mode), it instead returns a blank `JsonResponse` with HTTP 400 Bad Request status code and the exception message, but not the stack trace. The simplest manual test is to access `example.com/graphql` in a browser, in debug and prod modes.

If rejected, please let me know if you can see ways of doing this in my project without modifying your bundle. Thanks!
Related: It would also be nice to disable introspection in prod mode by default, like shown in the doc. But since it hasn't been done yet, I assume the maintainers aren't keen on it.
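
The behaviour described in this pull request, as an added sketch that is neither the PR's diff nor the bundle's own code. `GuardedGraphEndpoint`, the `$executor` callable and the `errors[].message` response shape are assumptions for illustration; it assumes `symfony/http-kernel` is installed through Composer.

```php
<?php
// Added example: hypothetical wrapper, not the bundle's GraphController.
require __DIR__ . '/vendor/autoload.php'; // assumes symfony/http-kernel is installed

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;

final class GuardedGraphEndpoint
{
    /** @var callable(Request): array runs the query and returns the result array */
    private $executor;
    /** @var bool value of the kernel.debug parameter, injected by the container */
    private $debug;

    public function __construct(callable $executor, bool $debug)
    {
        $this->executor = $executor;
        $this->debug = $debug;
    }

    public function __invoke(Request $request): JsonResponse
    {
        try {
            return new JsonResponse(($this->executor)($request));
        } catch (BadRequestHttpException $e) {
            if ($this->debug) {
                throw $e; // debug mode: behaviour unchanged, the developer sees the trace
            }
            // prod mode: status 400 and the message only; no trace, class or file path.
            // The message is still client-visible, so it must not embed internals.
            return new JsonResponse(
                ['errors' => [['message' => $e->getMessage()]]], // assumed shape
                JsonResponse::HTTP_BAD_REQUEST
            );
        }
    }
}

// Constructed demo: an executor that rejects a request without a "query" field.
$executor = static function (Request $request): array {
    if (!$request->request->has('query')) {
        throw new BadRequestHttpException('Must provide query parameter');
    }
    return ['data' => []];
};

$prod = new GuardedGraphEndpoint($executor, false); // kernel.debug = false
$response = $prod(Request::create('/graphql', 'POST'));
echo $response->getStatusCode(), ' ', $response->getContent(), PHP_EOL;
```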