Error Masking

Hive Gateway automatically masks unexpected errors and prevents leaking sensitive information to clients.

Unexpected errors can be caused by failed connections to remote services such as databases or HTTP APIs. Nobody external needs to know that your database server is not reachable. Exposing such information to the outside world can make you vulnerable for targeted attacks.

In order to build secure applications, it is crucial to understand this concept.

Disable for development

For development purpose, exposing errors to the client can be needed depending on your architecture.

Error masking can be disabled using the maskedErrors option:

gateway.config.ts

import { defineConfig } from '@graphql-hive/gateway'
 
export const gatewayConfig = defineConfig({
  maskedErrors: false
})

Overview CORS