Shouldn't it hide more information by default?

[Minishlink]

Hello,

When a query reaches the max cost / max depth, etc, currently graphql-armor throws with a current cost / depth and the limit

Query Cost limit of X exceeded, found Y.

It might be better if by default it just said Query Cost limit exceeded (or better a more generic message by default like Query validation error or something specified by the user). An attacker may still find the limit by trial and error, but it will take him some time, especially if one tweaks the cost parameters from the defaults.
graphql-armor would provide an option "exposeLimits" that could be used if developers want, for example in a local setup.

What do you think about this?

Current workaround is to reformat the error afterwards, but it is a bit dicey

[nullswan]

Hi @Minishlink,

Thank you for your suggestion.

We agree that implementing a more generic error message and adding an exposeLimits option would improve graphql-armor's flexibility and security.

In case someone wants to propose these changes, we'll accept and merge these changes as soon as they are ready.