0

In GraphQL, if we enter a wrong field name in a search, it will suggest alternative fields in the response. This creates some security issues in production, so we plan to disable that feature. Unfortunately, Adobe Commerce does not have this as an out-of-the-box feature.

Query:

    {
      products(
        filter: { sku: { eq: "SKU" } }
      ) {
        items {
          new_items {
            name
            sk
          }
        }
      }
    }

Response:

    {
      "errors": [
        {
          "message": "Cannot query field \"sk\" on type \"NewItems\". Did you mean \"sku\"?",
          "locations": [
            {
              "line": 8,
              "column": 9
            }
          ]
        }
      ]
    }

We found that the createFromException function in the class vendor/webonyx/graphql-php/src/Error/FormattedError.php is responsible for modifying the response.

But it is a static (class) method, so we are not able to override it via a preference or plugins in Magento 2.

So we tried to overload that function using the __callStatic magic method in PHP. It is unable to call my custom function to modify the response.

Please suggest what is missing below, and suggest any alternative solution. Thanks in advance.

What we did:

Vendor\Module\etc\di.xml:

    <?xml version="1.0"?>
    <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
        <preference for="GraphQL\Error\FormattedError" type="Vendor\Module\Error\CustomFormattedError" />
    </config>

Vendor\Module\Error\CustomFormattedError.php:

    <?php

    namespace Vendor\Module\Error;

    use GraphQL\Error\Error;
    use GraphQL\Error\FormattedError as BaseFormattedError;
    use Psr\Log\LoggerInterface;

    class CustomFormattedError extends BaseFormattedError
    {
        public static function __callStatic($name, $arguments)
        {
            if ($name === 'createFromException') {
                $formattedError = parent::createFromException(...$arguments);

                if (isset($formattedError['message']) && str_contains($formattedError['message'], 'Did you mean')) {
                    $formattedError['message'] = 'Invalid query field.';
                }

                return $formattedError;
            }

            return parent::__callStatic($name, $arguments);
        }
    }

Reference:

https://stackoverflow.com/questions/68727351/how-to-disable-graphql-mutation-query-name-suggestions

Magento 2 Override public static method of framework class

2 Answers

1

For this issue, you can create a customized patch to update the code in the vendor folder.

Steps:

  1. Create a new file in the "patches" folder (You need to create a new folder if you don't have it yet.) - File name: customize.patch
  2. Run command: git apply patches/customize.patch

The content in the "customize.patch" file:

 diff --git a/vendor/webonyx/graphql-php/src/Validator/Rules/FieldsOnCorrectType.php b/vendor/webonyx/graphql-php/src/Validator/Rules/FieldsOnCorrectType.php index a491a567a37..5e8bef787d2 100644 --- a/vendor/webonyx/graphql-php/src/Validator/Rules/FieldsOnCorrectType.php +++ b/vendor/webonyx/graphql-php/src/Validator/Rules/FieldsOnCorrectType.php @@ -133,16 +133,6 @@ ): string { $message = "Cannot query field \"{$fieldName}\" on type \"{$type}\"."; - if ($suggestedTypeNames !== []) { - $suggestions = Utils::quotedOrList($suggestedTypeNames); - - $message .= " Did you mean to use an inline fragment on {$suggestions}?"; - } elseif ($suggestedFieldNames !== []) { - $suggestions = Utils::quotedOrList($suggestedFieldNames); - - $message .= " Did you mean {$suggestions}?"; - } - return $message; } } 
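Review bot: The removed if/elseif block is the only code in this function that reads $suggestedTypeNames and $suggestedFieldNames, so after the change the body is just the "Cannot query field" assignment and the return, and both values are passed in but never used. Add a short comment above the $message line saying the hints are suppressed on purpose, so the now-unused arguments are not mistaken for a bug. The hunk also only touches FieldsOnCorrectType.php, so any "Did you mean" text built in another file is not covered by it. Because the patch targets a path under vendor/ and is pinned to index a491a567a37..5e8bef787d2 at offset -133,16, it may stop applying when the package is updated; have the deployment fail when "git apply" fails, so the suggestions do not silently come back.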

Note: You need to set it to run the "git apply patches/customize.patch" command every time you run the "composer install" command.

Good luck!

2
  • Thank you for sharing the patch solution. Let me check. Commented Jan 22 at 9:48
  • You have to modify the core file: vendor/webonyx/graphql-php/src/Validator/Rules/FieldsOnCorrectType.php Commented Jan 28 at 10:29
0

1. Create a Custom Module

If you don’t have a custom module, create one.

Module Registration

Create app/code/Vendor/Module/registration.php:

    <?php

    \Magento\Framework\Component\ComponentRegistrar::register(
        \Magento\Framework\Component\ComponentRegistrar::MODULE,
        'Vendor_Module',
        __DIR__
    );

Module Configuration

Create app/code/Vendor/Module/etc/module.xml:

    <?xml version="1.0"?>
    <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
        <module name="Vendor_Module" setup_version="1.0.0"/>
    </config>

2. Override the GraphQL Error Processor

Magento uses Magento\GraphQl\Model\Query\ErrorHandler to process GraphQL errors. We will override this class.

Define Preference in di.xml

Create app/code/Vendor/Module/etc/di.xml:

    <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
        <preference for="Magento\GraphQl\Model\Query\ErrorHandler"
                    type="Vendor\Module\Model\GraphQl\CustomErrorHandler"/>
    </config>

3. Create a Custom Error Handler

Create app/code/Vendor/Module/Model/GraphQl/CustomErrorHandler.php:

    <?php

    namespace Vendor\Module\Model\GraphQl;

    use Magento\GraphQl\Model\Query\ErrorHandler;
    use GraphQL\Error\Error;
    use GraphQL\Error\FormattedError;

    class CustomErrorHandler extends ErrorHandler
    {
        /**
         * Override error handling to remove field suggestions
         *
         * @param Error $error
         * @return array
         */
        public function handleError(Error $error): array
        {
            $formattedError = FormattedError::createFromException($error);

            // Remove 'Did you mean' suggestion message
            if (isset($formattedError['message'])) {
                $formattedError['message'] = preg_replace('/Did you mean ".+?"\?/', '', $formattedError['message']);
            }

            return $formattedError;
        }
    }

4. Flush Cache & Test

Expected Outcome

Before:

    {
      "errors": [
        {
          "message": "Cannot query field 'invalidField' on type 'Query'. Did you mean 'validField'?",
          "locations": [
            {
              "line": 2,
              "column": 3
            }
          ]
        }
      ]
    }

After applying the custom error handler:

    {
      "errors": [
        {
          "message": "Cannot query field 'invalidField' on type 'Query'.",
          "locations": [
            {
              "line": 2,
              "column": 3
            }
          ]
        }
      ]
    }

Alternative: Completely Disable GraphQL Error Messages

If you want to completely hide GraphQL error messages, modify the handleError method like this:

    public function handleError(Error $error): array
    {
        return [
            'message' => 'An error occurred while processing the request.'
        ];
    }
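An added example, not code from either answer, Magento or graphql-php: a stand-alone PHP script that removes both hint forms seen in the patch above (the field-name hint and the inline-fragment hint) from a decoded response, and reports any message that still carries one, which is useful as a regression check after "composer install" has replaced the vendor files. The function names stripSuggestions and findLeakedSuggestions are hypothetical and the sample response is constructed.

```php
<?php
declare(strict_types=1);

/**
 * Remove graphql-php "Did you mean ..." hints from a decoded GraphQL response.
 * Handles the field-name hint and the inline-fragment hint, with one or
 * several quoted suggestions. (Hypothetical helper, not a Magento API.)
 */
function stripSuggestions(array $response): array
{
    foreach ($response['errors'] ?? [] as $i => $error) {
        if (!is_string($error['message'] ?? null)) {
            continue;
        }
        // The hint is the trailing sentence: cut from "Did you mean" to the final "?".
        $clean = preg_replace('/\s*Did you mean\b.*\?\s*$/su', '', $error['message']);
        // preg_replace returns null on failure; fall back to a generic message.
        $response['errors'][$i]['message'] = $clean ?? 'Invalid query.';
    }
    return $response;
}

/** Regression check: return every error message that still contains a hint. */
function findLeakedSuggestions(array $response): array
{
    $messages = array_column($response['errors'] ?? [], 'message');
    return array_values(array_filter(
        $messages,
        static fn ($m): bool => is_string($m) && stripos($m, 'did you mean') !== false
    ));
}

// Constructed sample response (not captured from a real store).
$sample = json_decode(<<<'JSON'
{"errors": [
  {"message": "Cannot query field \"sk\" on type \"NewItems\". Did you mean \"sku\"?"},
  {"message": "Cannot query field \"price\" on type \"Item\". Did you mean to use an inline fragment on \"Simple\" or \"Bundle\"?"},
  {"message": "Syntax Error: Unexpected Name \"foo\""}
]}
JSON, true, 512, JSON_THROW_ON_ERROR);

$cleaned = stripSuggestions($sample);
foreach ($cleaned['errors'] as $e) {
    echo $e['message'], PHP_EOL;
}
echo 'leaks before: ', count(findLeakedSuggestions($sample)),
     ', after: ', count(findLeakedSuggestions($cleaned)), PHP_EOL;
```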
