aws-appsync-community icon indicating copy to clipboard operation
aws-appsync-community copied to clipboard

Published 20 hours ago verified publisher icon aws

[Feature Request] Ability to hide JS errors from code.js in response

Open sergio-i2o opened this issue 9 months ago • 0 comments

We are currently in the process of building an API using AppSync and have hit a bit of an issue.

Our information security policies dictate that we should not expose specific technical details in responses to users. Currently if a JavaScript error occurs in a pipeline resolver function, the error will bubble to the client in the response with some technical information.

For example, if we attempt to access a property on a null object, an error something like this will be returned:

{
    "data": null,
    "errors": [
        {
            "path": [
                "places"
            ],
            "data": null,
            "errorType": "Code",
            "errorInfo": null,
            "places": [
                {
                    "line": 2,
                    "column": 5,
                    "sourceName": null
                }
            ],
            "message": "code.js:162:13: ReferenceError: [invalid property] is not defined"
        }
    ]
}

There does not seem to be a way to intercept these types of messages. AppSync will return early and bypass the remaining pipeline functions.

Could there be an option to hide details of JS runtime errors in responses?

In the meantime, does anyone know how I can work around this issue?

Thank you

sergio-i2o avatar Oct 03 '23 10:10 sergio-i2o