-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
regression in http status setting for certain errors (v3 to v4) #7462
Comments
@trevor-scheer and I looked into this a bit and yes, there's an unintended regression here. He actually noticed this a bit ago and filed a PR to the project that implements an HTTP-level test suite for this. Looks like I introduced this in #6502 where I deleted a block of code with this comment and replaced it with similar code in the
Unfortunately what I missed was that this code was also run on code that did reach GraphQL execution if the GraphQL executor didn't produce a I think @trevor-scheer is going to take it from here in figuring out what the right response is (and perhaps validating my vague memory that the variable coercion case is the only one where |
Apollo Server v4 introduced a regression with respect to invalid `variables` and http status codes. AS4 incorrectly started responding with a 200 status code, where AS3 would respond with a 400 when the provided variables object failed variable coercion (during `graphql-js` `execute`). Providing the following config to your AS4 constructor options will opt-in to the regression mitigation: ```ts new ApolloServer({ // ... status400WithErrorsAndNoData: true, }) ``` Fixes #7462 Related discussion #7460 --------- Co-authored-by: Stephen Barlow <[email protected]> Co-authored-by: David Glasser <[email protected]>
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Issue Description
We are in the process of upgrading our system from
v3
tov4
and see a regression in several unit tests for HTTP status codes of invalid inputs. The particular error is of the form:I've traced these calls into
requestPipeline.ts
and do not see any mechanism for setting HTTP status after the pipeline reaches a specific point. We have other test cases that did not regress; all of these were caught earlier in the pipeline (e.g. here).The problematic behaviors occurs on lines 474-477:
If there are errors (eg. if resultErrors exists), the
formatErrors
function delegates to thenormalizeAndFormatErrors
function, which always creates a new instance forhttpFromErrors
.Subsequently the
mergeHTTPGraphQLHead
function only sets thetarget.status
to a non-200 HTTP code if thishttpFromErrors
value defines astatus
, which it does not because it is a fresh instance and takes no input from theresultErrors
.I have not taken the time to dig into the older software, but this seems like an obvious regression; either this kind of error should be caught earlier in the pipeline (where it can be handled differently) or this part of the pipeline should be able to set the HTTP status based on the error content.
Link to Reproduction
n/a
Reproduction Steps
Our setup is:
application
=>internal framework
=>@nestjs/graphql
=>@nestjs/apollo
=>@apollo/server
.I get the value and importance of a reproducible test case; I also estimate that it would take several days to strip down this flow into something that neither leaked internal systems and directly used apollo (vs
@nestjs
). I'm hopefully that my line-by-line breakdown of the issue suffices; I doubt we can take the time to produce a palatable reproduction.The text was updated successfully, but these errors were encountered: