
Resolving error details via link is currently leaking data to apollo #11544

Closed
simhnna opened this issue Jan 31, 2024 · 5 comments
Labels: 🏓 awaiting-team-response (requires input from the apollo team), 🔍 investigate (Investigate further)

Comments

simhnna commented Jan 31, 2024

f8c0b96 was implemented to reduce bundle size, which I guess is a valid point, and all is good since the unwrapping happens client-side in the browser. What's not acceptable is having a "survey" endpoint that receives the complete URL with all the data included.

Now my only option is to try to disable that again. Having that enabled is a data breach waiting to happen.

Can we disable that by default and go back to either bundled error messages or having numbers that you need to look up? Basically anything that doesn't require including the error details.

[Three screenshots attached: Screenshot 2024-01-31 090155, Screenshot 2024-01-31 090223, Screenshot 2024-01-31 090238]

@simhnna simhnna changed the title Resolving error message details via link leaks data to apollo Resolving error details via link leaks data to apollo Jan 31, 2024
@simhnna simhnna changed the title Resolving error details via link leaks data to apollo Resolving error details via link is currently leaking data to apollo Jan 31, 2024
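The leak described in the report, rebuilt as an added example (this is not Apollo Client code and not the docs site's survey script): an error link that carries the invariant's arguments in the URL fragment is never sent to the server as part of the HTTP request, but every script running on the destination page can read the full href, fragment included. The defensive rule is to strip fragment and query from any URL before it is handed to a feedback, survey or analytics call, and to detect links whose fragment carries structured data. The docs host, the fragment layout and the helper names are assumptions.

```javascript
// Added example, not Apollo Client code. Reconstructs the failure mode from the issue:
// structured error arguments carried in a URL fragment, then read back by a page script.
const DOCS_BASE = "https://example.invalid/errors"; // placeholder, not the real docs host

// Build a link of the kind the issue describes: a numeric message id plus the
// concrete arguments encoded in the fragment. The fragment layout is an assumption.
function buildErrorLink(messageId, args) {
  const payload = encodeURIComponent(JSON.stringify({ message: messageId, args }));
  return `${DOCS_BASE}/#${payload}`;
}

// What the browser actually sends to the server: origin, path and query, no fragment.
function requestTarget(href) {
  const u = new URL(href);
  return u.origin + u.pathname + u.search;
}

// What any script on the page can read: the full href, fragment included.
// This models a third-party survey or feedback script that reports location.href.
function whatPageScriptSees(href) {
  const u = new URL(href);
  return { href: u.href, hash: u.hash };
}

// Defensive normalisation: before a URL is forwarded to analytics, feedback or
// survey endpoints, keep only origin and path. Query and fragment are dropped
// because both routinely carry user or application data.
function stripForTelemetry(href) {
  const u = new URL(href);
  u.search = "";
  u.hash = "";
  return u.href;
}

// Detection helper: true when the fragment decodes to a JSON object or array,
// i.e. the link would expose structured data to anything that reads location.href.
function fragmentCarriesData(href) {
  const hash = new URL(href).hash.slice(1);
  if (!hash) return false;
  try {
    const decoded = JSON.parse(decodeURIComponent(hash));
    return typeof decoded === "object" && decoded !== null;
  } catch {
    return false; // plain anchors such as "#section-2" are not JSON
  }
}

// Constructed sample arguments, shaped like the ones pasted later in this thread.
const sampleArgs = [
  "solutionRepo",
  "InstallationStatus",
  { __typename: "SolutionRepo", accountNumber: "SAMPLE-VALUE" },
];
const link = buildErrorLink(42, sampleArgs);
console.log(requestTarget(link));                        // server-side view: no data
console.log(whatPageScriptSees(link).hash.length > 0);   // page-script view: data present
console.log(fragmentCarriesData(link));                  // true: this link needs care
console.log(stripForTelemetry(link));                    // what a survey call may receive
```

`stripForTelemetry` is deliberately blunt: it does not try to decide which fragments are harmless, because the page hosting the survey has no way to know what a client put there.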
simhnna (Author) commented Jan 31, 2024

The proposed fix is sort of working. Now I get this error (not the actual error on the console):

ERROR TypeError: Cannot convert object to primitive value
    at String (<anonymous>)
    at console.warn (<anonymous>)
    at invariant.js:35:27
    at Function.warn (invariantWrappers.js:19:12)
    at warnAboutDataLoss (writeToStore.js:397:37)
    at writeToStore.js:74:25
    at Array.forEach (<anonymous>)
    at writeToStore.js:71:42
    at Map.forEach (<anonymous>)
    at StoreWriter.writeToStore (writeToStore.js:46:30)

because arguments includes the actual data as objects:

{
  "0": "Cache data may be lost when replacing the %s field of a %s object.\n\nThis could cause additional (usually avoidable) network requests to fetch data that were otherwise cached.\n\nTo address this problem (which is not a bug in Apollo Client), %sdefine a custom merge function for the %s field, so InMemoryCache can safely merge these objects:\n\n  existing: %s\n  incoming: %s\n\nFor more information about these options, please refer to the documentation:\n\n  * Ensuring entity objects have IDs: https://go.apollo.dev/c/generating-unique-identifiers\n  * Defining custom merge functions: https://go.apollo.dev/c/merging-non-normalized-objects\n",
  "1": "solutionRepo",
  "2": "InstallationStatus",
  "3": "either ensure all objects of type SolutionRepo have an ID or a custom merge function, or ",
  "4": "InstallationStatus.solutionRepo",
  "5": {
    "__typename": "SolutionRepo",
    "platformVersion": "...",
    "accountNumber": "..."
  },
  "6": { "__typename": "SolutionRepo", "accountNumber": "..." }
}
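The stack trace above ends in `String(...)` being applied to a warning argument. That conversion throws "Cannot convert object to primitive value" when the argument is an object with no prototype (created with `Object.create(null)`, so it has neither `toString` nor `valueOf`), which is a plausible shape for the two cache entries in positions "5" and "6". The following is an added example, not Apollo Client code and not the 3.9.1 patch referenced later in the thread: it reproduces the throwing conversion and shows a `%s` formatter whose argument conversion never throws. `makeNullProtoObject`, `safeToString` and `formatWarning` are assumed names.

```javascript
// Added example, not Apollo Client code and not the 3.9.1 patch; it shows why
// String() can throw on warning arguments and one way to format them safely.

// An object with no prototype has no toString/valueOf, so String() on it throws
// "TypeError: Cannot convert object to primitive value", the error in the thread.
function makeNullProtoObject(fields) {
  return Object.assign(Object.create(null), fields);
}

// Reproduces the failing conversion and reports whether it threw a TypeError.
function naiveStringThrows(arg) {
  try {
    String(arg);
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

// Conversion that never throws. Primitives go through String(); objects are
// serialised as JSON (which also handles null-prototype objects); values JSON
// cannot represent (cycles) fall back to String(), and a last resort covers the
// case where both fail. Note that JSON output puts full object contents into the
// log line, the same data-handling concern the issue raises for URLs.
function safeToString(arg) {
  if (arg === null || typeof arg !== "object") return String(arg);
  try {
    const json = JSON.stringify(arg);
    if (json !== undefined) return json;
  } catch {
    // cyclic structure or BigInt inside: fall through
  }
  try {
    return String(arg);
  } catch {
    return "[object]";
  }
}

// Minimal printf-style substitution for the %s placeholders used in the message
// pasted above; each argument is converted with safeToString.
function formatWarning(template, ...args) {
  let i = 0;
  return template.replace(/%s/g, () => (i < args.length ? safeToString(args[i++]) : "%s"));
}

// Constructed sample shaped like the pasted arguments: the last two are
// null-prototype objects standing in for cache entries.
const existing = makeNullProtoObject({ __typename: "SolutionRepo", accountNumber: "sample" });
const incoming = makeNullProtoObject({ __typename: "SolutionRepo" });
console.log(naiveStringThrows(existing)); // true: this is the conversion that blew up
console.log(
  formatWarning(
    "Cache data may be lost when replacing the %s field of a %s object. existing: %s incoming: %s",
    "solutionRepo", "InstallationStatus", existing, incoming,
  ),
);
```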

bignimbus (Contributor) commented

Thanks @simhnna for bringing this to our attention! We are looking into it now 🙏🏻

@bignimbus bignimbus added 🔍 investigate Investigate further 🏓 awaiting-team-response requires input from the apollo team labels Jan 31, 2024
bignimbus (Contributor) commented

Hi again @simhnna, thanks for your patience! Regarding the “object to primitive value” problem: can you try the latest version? We recently shipped a patch in 3.9.1 that should address this issue. See #11516 for more information.

Thanks again for pointing out that the URL hash property is included in that call to the documentation feedback survey; that was not intentional. Our docs team has removed the script and survey from the website as of 2024-01-31.

I’ll close this for now but please feel free to DM me at @jeff.auriemma on Discord or email me at jeff[.]auriemma[at]apollographql[.]com with any follow-up questions!

github-actions bot commented Feb 1, 2024

Do you have any feedback for the maintainers? Please tell us by taking a one-minute survey. Your responses will help us understand Apollo Client usage and allow us to serve you better.

github-actions bot commented Mar 3, 2024

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
For general questions, we recommend using StackOverflow or our discord server.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 3, 2024