Question on error behavior in production
Do errors from convex come back to the client in production the same as they do in dev? I may have missed something in the docs here, apologies if so. Concerned about backend data leaking into the client through unhandled errors, primarily from actions.
7 Replies
Sup! Currently they do go out the same, but we're rolling out a change to limit the behavior on prod deployments. It'll happen before 1.0, probably in the next 1-2 weeks.
Pain point heard loud and clear and appreciate the question!
Both
console.log and JS Error stack traces will be removed such that they don't reach the client on production deployments.
Development deployments will work the same as before.Ah that’s great to hear, thanks for the info!
Do you know if it’s just the stack trace that will be removed or all error details? My two cents: Error handling generally evolves with a project, so an ideal behavior would be for all convex functions to make error reporting opt in, and otherwise return an opaque default error if no handling has been provided.
sneak preview of before/after
From
So in prod deployments - everything replaced with
Server Error
Exact wording/language might change, but that's the gist of the behavior.
Top priority is to prevent leaking of private information (anything from inside your Convex functions).
I think we'd in the future want to make it easier to configure some opt in error handling for the cases when you do want specific errors to reach your clients, but as Nipunn said, top priority is making sure we're not leaking private information.
Yeah, safety first for sure - thanks for sharing this!
0.18.0 is out, and redacts the logs & stack traces in production (but not dev)