reavealErrorTypes are still logged to Google

[RoelRoel]

const server = new ApolloServer({
  typeDefs: schema,
  resolvers,
  schemaDirectives,
  playground: constants.ALLOW_PLAYGROUND_AT_PRODUCTION || envName !== 'production',
  validationRules: [
    depthLimit(constants.MAXIMUM_QUERY_DEPTH)
  ],
  extensions: [() => new GraphQLErrorTrackingExtension({
      // only send this kind of errors to the client (and must be handled there)
      revealErrorTypes: [SyntaxError, UserInputError, AuthenticationError, ForbiddenError],
      // unexpected errors (bugs) should be send to error reporting
      onUnrevealedError: (err, originalError) => {
        console.log('Unexpected error should be reported on production (environment ' + envName + ')');
        if (originalError) {
          errorReporting.report(err.originalError.stack);
        } else {
          errorReporting.report(err.stack);
        }
      }
  })],
[...]

I checked if the ForbiddenError is from the same module. They are both from 'apollo-server-express'.
When I look at the libraries code it seems pretty straighforward so this is very weird.

[philsch]

Hi @RoelRoel

Can you clarify your expected behaviour so I can try to understand the problem better?

How I interpret your question at the moment: You would expect that the GraphQL error is not reported in Google Error Reporting because it is part of the revealErrorTypes list.

If this is your question, the revealErrorTypes and onUnrevealedError work a bit different than you expect. The idea of this two parameters is to:

• Hide some error types from the client (e.g. you don't want to reveal database errors)
• onUnrevealedError is there to still have access to the originalError for logging purpose

However, Google monitors your application and GraphQL will throw an exception that will be taken from the Google Error Reporting. If your error is part of the revealErrorTypes list, the extension has not manipulated the error. Therefore the error is send as is to the client, but it is also thrown on server side at the same time and therefore will appear in Error Reporting.

Unfortunately I don't have time to reproduce your case at the moment, I hope my explanation still makes sense to you.

[RoelRoel]

Thanks for the fast answer.
So you are saying the onUnrevealedError is still called when a reavealed error occurs?
I would not expect that with the name onUnrevealedError.

I don't want to log revealed errors because that user mistakes (like typing the wrong password).

[philsch]

Hi @RoelRoel

No, onUnrevealedError is not called when an error appears that is listed in revealErrorTypes. You can check this by adding a console.log inside your onUnrevealedError callback function.

The error is still appearing in Google Error Reporting because all Apollo Errors are Exceptions that are tracked by Google Error Reporting, this plugin does not change that. The purpose of this plugin is to prevent that certain errors are exposed to the client (for example a Browser doing a GraphQL query).

Let my try to explain the behaviour with the following example code: https://gist.github.com/philsch/0433a702383bb70dd6143f2bdc48c8c4

This example GraphQL server defines two custom errors, SomeError and SecretError. Only details about SomeError should be visible to Apollo Clients, therefore I've added this error to the revealErrorTypes list. Also note the console.log in line 58 that shows if onUnrevealedError gets called.

For "some" error

Client:

Server:

[399a60] {"host":"localhost:8080","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:95.0) Gecko/20100101 Firefox/95.0","accept":"*/*","accept-language":"de-DE,de;q=0.8,en-US;q=0.5,en;q=0.3","accept-encoding":"gzip, deflate","referer":"http://localhost:8080/playground","content-type":"application/json","origin":"http://localhost:8080","content-length":"91","dnt":"1","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"}
[399a60] GraphQLError Some error happened
[399a60] Error body: {   triggerError(errorType: "some") } 

As you can see, the error is completely revealed to the client. But onUnrevealedError was not called.

For "secret" error

Client:

Server:

[cc6814] {"host":"localhost:8080","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:95.0) Gecko/20100101 Firefox/95.0","accept":"*/*","accept-language":"de-DE,de;q=0.8,en-US;q=0.5,en;q=0.3","accept-encoding":"gzip, deflate","referer":"http://localhost:8080/playground","content-type":"application/json","origin":"http://localhost:8080","content-length":"93","dnt":"1","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"}
[cc6814] GraphQLError A secret error
[cc6814] Error body: {   triggerError(errorType: "secret") } 
onUnrevealedError called for GraphQLError (original error was "Secret Error")

The original error is not visible to the client. As you can see in the last line of the server logs, the onUnrevealedError callback was called.