-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Shouldn't it hide more information by default? #716
Labels
Comments
Hi @Minishlink, Thank you for your suggestion. We agree that implementing a more generic error message and adding an In case someone wants to propose these changes, we'll accept and merge these changes as soon as they are ready. |
nullswan
added
enhancement
New feature or request
good first issue
Good for newcomers
labels
Oct 9, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
When a query reaches the max cost / max depth, etc, currently graphql-armor throws with a current cost / depth and the limit
Query Cost limit of X exceeded, found Y.
It might be better if by default it just said
Query Cost limit exceeded
(or better a more generic message by default likeQuery validation error
or something specified by the user). An attacker may still find the limit by trial and error, but it will take him some time, especially if one tweaks the cost parameters from the defaults.graphql-armor would provide an option "exposeLimits" that could be used if developers want, for example in a local setup.
What do you think about this?
Current workaround is to reformat the error afterwards, but it is a bit dicey
The text was updated successfully, but these errors were encountered: