TTC
Theo's Typesafe Cult2y ago
Julien Castets

fix create-t3-app (and trpc) dangerous default?

By default, trpc (https://github.com/trpc/trpc/discussions/2071) and create-t3-app send server errors to clients 
const t = initTRPC.context<Context>().create({
  transformer: superjson,
  errorFormatter({ shape }) {
    return shape;
  }
});
const t = initTRPC.context<Context>().create({
  transformer: superjson,
  errorFormatter({ shape }) {
    return shape;
  }
});
Here, shape contains the stack trace of the error and a message which can contain sensitive info. I updated my errorFormatter to hide these sensitive info: 
  // By default, trpc sends the stack trace of the error to the client. Remove
  // these sensitive details before sending to the client.
  errorFormatter({ error, shape }) {
    const safeMessage = error.code === "INTERNAL_SERVER_ERROR" ? "Internal server error" : shape.message;
    const { stack, path, ...safeData } = shape.data;

    return {
      ...shape,
      message: safeMessage,
      data: {
        ...safeData,
      }
    };
  // By default, trpc sends the stack trace of the error to the client. Remove
  // these sensitive details before sending to the client.
  errorFormatter({ error, shape }) {
    const safeMessage = error.code === "INTERNAL_SERVER_ERROR" ? "Internal server error" : shape.message;
    const { stack, path, ...safeData } = shape.data;

    return {
      ...shape,
      message: safeMessage,
      data: {
        ...safeData,
      }
    };
Do you think it should be a default?
GitHub
Redact error message for client for status 500 errors · Discussion ...
I noticed the client side error message for unhandled server side errors contains the original error message. I don&#39;t think that is a good idea, at least for my case as those can be quite s...
1 Reply
Ambushfall
Ambushfall2y ago
I personally reckon the T3 Stack is just a starting point for you to do what you wish, I believe. Yeah, you should always select what you push client side. Not sure if it should be by default though.
Want results from more Discord servers?
Add your server