Feature: new `unsecureGraphQLErrors` client option to enable unfiltered errors in GraphQL response about prisma-appsync HOT 3 OPEN

We could imagine a new client option to enable unfiltered errors in GraphQL response. However, since it is not a good security practice, I would name it accordingly:

const prismaAppSync = new PrismaAppSync({ unsecureGraphQLErrors: true })

from prisma-appsync.

@Tenrys In theory, you should already be able to access the appropriate underlying error from your Terminal (CloudWatch on AWS). Please let me know if this is not the case.

The GraphQL response is intentionally designed to provide only a high-level summary of the underlying error. We avoid displaying explicit details in the response for security reasons, as we do not want to expose internal information to anyone querying your API.

My initial thoughts on this issue are that we should not suppress errors silently, as users might assume their query was successful when it was actually invalid.

Ideally, we would report a more specific error, but this would be a significant undertaking since Prisma Client does not generate simple error messages. As a result, we would need to identify non-nullable fields from your schema, pass this information to the runtime, and parse all queries to verify and report their validity.

from prisma-appsync.

it is visible on cloudwatch, but for the other developers on my team trying to use the API I'm building for them, it is time consuming having to dig up the logs for that request every time something does crash. I would like to have the option to show more raw details at least if there was a way to flag the API as being "in development" or such.

from prisma-appsync.