aws / aws-appsync-community

The AWS AppSync community
https://aws.amazon.com/appsync
Apache License 2.0

[Feature Request] Ability to hide JS errors from code.js in response #328

Open sergio-i2o opened 10 months ago

sergio-i2o commented 10 months ago

We are currently in the process of building an API using AppSync and have hit a bit of an issue.

Our information security policies dictate that we should not expose specific technical details in responses to users. Currently, if a JavaScript error occurs in a pipeline resolver function, the error will bubble to the client in the response with some technical information.

For example, if we attempt to access a property on a null object, an error something like this will be returned:

{
    "data": null,
    "errors": [
        {
            "path": [
                "places"
            ],
            "data": null,
            "errorType": "Code",
            "errorInfo": null,
            "places": [
                {
                    "line": 2,
                    "column": 5,
                    "sourceName": null
                }
            ],
            "message": "code.js:162:13: ReferenceError: [invalid property] is not defined"
        }
    ]
}

There does not seem to be a way to intercept these types of messages. AppSync will return early and bypass the remaining pipeline functions.

Could there be an option to hide details of JS runtime errors in responses?

In the meantime, does anyone know how I can work around this issue?

Thank you
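
One way to scrub the response shape shown above before it reaches the user, as an added example that is not part of the original post and not AppSync's own code. It assumes responses pass through a layer you control (a proxy or client wrapper) where this can run; the function and constant names, the generic message and the "InternalError" label are hypothetical.

```javascript
// Matches runtime messages shaped like the one in the issue:
// "code.js:162:13: ReferenceError: ..."
const RUNTIME_ERROR_PATTERN = /^code\.js:\d+:\d+:/;
const GENERIC_MESSAGE = "Internal server error"; // constructed wording

function isRuntimeError(err) {
  if (err === null || typeof err !== "object") return false;
  const leaksSource =
    typeof err.message === "string" && RUNTIME_ERROR_PATTERN.test(err.message);
  // "Code" is the errorType shown in the issue's sample response.
  return err.errorType === "Code" || leaksSource;
}

// Returns { body, redacted }. `body` is what the client receives; `redacted`
// holds the original error objects for server-side logging only.
function sanitizeGraphQLResponse(response) {
  if (!response || typeof response !== "object" || !Array.isArray(response.errors)) {
    return { body: response, redacted: [] };
  }
  const redacted = [];
  const errors = response.errors.map((err) => {
    if (!isRuntimeError(err)) return err; // other error types pass through unchanged
    redacted.push(err);
    // Keep only the GraphQL field path; drop the message, source positions
    // and any other runtime-supplied fields.
    return {
      path: Array.isArray(err.path) ? err.path : null,
      errorType: "InternalError", // constructed generic label
      message: GENERIC_MESSAGE,
    };
  });
  return { body: { ...response, errors }, redacted };
}

// Sample input: first error copied from the issue, second one constructed.
const SAMPLE_RESPONSE = {
  data: null,
  errors: [
    {
      path: ["places"], data: null, errorType: "Code", errorInfo: null,
      places: [{ line: 2, column: 5, sourceName: null }],
      message: "code.js:162:13: ReferenceError: [invalid property] is not defined",
    },
    { path: ["places"], errorType: "Unauthorized", message: "Not authorized" },
  ],
};

const { body, redacted } = sanitizeGraphQLResponse(SAMPLE_RESPONSE);
console.log(JSON.stringify(body, null, 2));
console.error("redacted for internal log:", redacted.length);
```

The originals in `redacted` keep the line and column details for whoever debugs the resolver, so they belong in an internal log rather than in the response.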

espetro commented 1 month ago

Bump 👍 I'd like to know whether we can mitigate this issue or not.