-
|
The following notice appears on the Auth Plugin page:
However, if I want to use the Errors Plugin to provide error types within the schema for authorization errors ( I believe this should be safe, but I wanted to check first. Is specifying the errors plugin before the auth plugin considered safe? Should the documentation be updated to reflect this if so? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Yes, provided the content of your errors are not sensitive. Basically the error types in the response mah not be protected by authorization checks, but I think for all cases I can think of this is okay. You should still be able to add authorization checks to specific fields of the error types if they need to be protected as well. |
Beta Was this translation helpful? Give feedback.
Yes, provided the content of your errors are not sensitive. Basically the error types in the response mah not be protected by authorization checks, but I think for all cases I can think of this is okay. You should still be able to add authorization checks to specific fields of the error types if they need to be protected as well.