diff --git a/graphql/server/src/middleware/graphile.ts b/graphql/server/src/middleware/graphile.ts
index 354247f33..aa365e17a 100644
--- a/graphql/server/src/middleware/graphile.ts
+++ b/graphql/server/src/middleware/graphile.ts
@@ -36,6 +36,19 @@ const SAFE_ERROR_CODES = new Set([
   'INVITE_LIMIT',
   'INVITE_EMAIL_NOT_FOUND',
   'INVALID_CREDENTIALS',
+  // CSRF
+  'CSRF_TOKEN_REQUIRED',
+  'INVALID_CSRF_TOKEN',
+  // Rate limiting / throttling
+  'TOO_MANY_REQUESTS',
+  'PASSWORD_RESET_LOCKED_EXCEED_ATTEMPTS',
+  // TOTP
+  'TOTP_NOT_ENABLED',
+  // Account / resource operations
+  'NULL_VALUES_DISALLOWED',
+  'OBJECT_NOT_FOUND',
+  'LIMIT_REACHED',
+  'REQUIRES_ONE_OWNER',
   // PublicKeySignature
   'FEATURE_DISABLED',
   'INVALID_PUBLIC_KEY',