We can add more details:

Based on this file:

The issue concern also an Admin user. For the returned object response, it'll see INTERNAL_SERVER_ERROR.

A non-admin will always have INTERNAL_SERVER_ERROR in the response.

In both cases, the log will show an INTERNAL_SERVER_ERROR instead of having GRAPHQL_VALIDATION.

See you :)

This seems to apply to the REST API as well and, in particular, affecting hooks.

So if you have a hook that does validation, as shown here, non-admin users don't see the validation error, they just see Internal Server Error. That's when saving from the App UI.

I can't be sure if this is related or not but this is what I found that may be of help.

There is an error-handler middleware that seems to be responsible for this behaviour (as far as I understand from this issue and the one linked).
https://github.com/directus/directus/blob/main/api/src/middleware/error-handler.ts#L30

The middleware purposefully redacts the error message if the user is not an admin user but only if the error is not a Directus error.

My solution was to throw a Directus error as described here and indicated by the middleware above, rather than an http-error (or I guess any other type of error) as I was doing.

I think, for me, the confusion came in because you can throw an http-error in a custom endpoint extension and you'll always get the 400 response with message (although that might still not work for GraphQL). This seemed to work for hooks as well but only because I was testing with an admin user.

Also, last time I looked at this I didn't notice the error package documentation and struggled to get something like throw new ValidationException('This is invalid because...'); and so fell back to using http-error. So thanks for all the work and updates around this! I would still suggest having some explicit extension docs around this behaviour rather than in Extensions/Resources/Packages/@directus/errors. That might make it a bit clearer as to what's going on.

We can add more details:

Based on this file:

directus/api/src/services/graphql/utils/process-error.ts

Line 19 in 0ac08da

code: 'INTERNAL_SERVER_ERROR',

The issue concern also an Admin user. For the returned object response, it'll see INTERNAL_SERVER_ERROR.

A non-admin will always have INTERNAL_SERVER_ERROR in the response.

In both cases, the log will show an INTERNAL_SERVER_ERROR instead of having GRAPHQL_VALIDATION.

See you :)

I wonder what's the relationship between directus/api/src/services/graphql/utils/process-error.ts and directus/api/src/middleware/error-handler.ts? Are these completely unrelated?

I reported a similar bug at the end of last year which I've only seen today that it's been resolved here.
#20442

The version of process-error linked above is a bit outdated. Looking at the latest version, it looks to be in alignment with the REST middleware.
https://github.com/directus/directus/blob/main/api/src/services/graphql/utils/process-error.ts

I'd say this bug is resolved @rijkvanzanten. Again, only thing I could suggest improving is the docs.