diff --git a/composer.json b/composer.json
index aa1c89171..b6c112e82 100644
--- a/composer.json
+++ b/composer.json
@@ -25,7 +25,10 @@
 },
 "config": {
 "bin-dir": "bin",
- "sort-packages": true
+ "sort-packages": true,
+ "allow-plugins": {
+ "phpstan/extension-installer": true
+ }
 },
 "require": {
 "php": ">=7.2",
diff --git a/src/Controller/GraphController.php b/src/Controller/GraphController.php
index 8642580db..e2c38a0a9 100644
--- a/src/Controller/GraphController.php
+++ b/src/Controller/GraphController.php
@@ -8,6 +8,7 @@
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 class GraphController
 {
@@ -36,18 +37,25 @@ class GraphController
 */
 private $useApolloBatchingMethod;
+ /**
+ * @var bool
+ */
+ private $debugMode;
+
 public function __construct(
 GraphQLRequest\ParserInterface $batchParser,
 GraphQLRequest\Executor $requestExecutor,
 GraphQLRequest\ParserInterface $requestParser,
 $shouldHandleCORS,
- $graphQLBatchingMethod
+ $graphQLBatchingMethod,
+ $debugMode = true
 ) {
 $this->batchParser = $batchParser;
 $this->requestExecutor = $requestExecutor;
 $this->requestParser = $requestParser;
 $this->shouldHandleCORS = $shouldHandleCORS;
 $this->useApolloBatchingMethod = 'apollo' === $graphQLBatchingMethod;
+ $this->debugMode = $debugMode;
 }
 /**
@@ -87,7 +95,17 @@ private function createResponse(Request $request, string $schemaName = null, boo
 if (!\in_array($request->getMethod(), ['POST', 'GET'])) {
 return new Response('', 405);
 }
- $payload = $this->processQuery($request, $schemaName, $batched);
+
+ try {
+ $payload = $this->processQuery($request, $schemaName, $batched);
+ } catch(BadRequestHttpException $e) {
+ if ($this->debugMode) {
+ throw $e;
+ } else {
+ return new JsonResponse('', 400);
+ }
+ }
+
 $response = new JsonResponse($payload, 200);
 }
 $this->addCORSHeadersIfNeeded($response, $request);
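Review bot: The new constructor argument in GraphController.php defaults to `$debugMode = true`, so any wiring that still passes five arguments (an overridden service definition, a decorator, a test) silently takes the rethrow path instead of the bare 400. If the intent is to keep exception detail out of non-debug responses, the safer default is off and the parameter can carry its type: `bool $debugMode = false`. That does change behaviour for existing five-argument callers, so it is worth a changelog line if adopted. The bundle's own services.yaml passes `%kernel.debug%` and is not affected by the default; the class body continues outside this hunk.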
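Review bot: In the createResponse hunk the non-debug branch uses `return new JsonResponse('', 400);`, which exits before `$this->addCORSHeadersIfNeeded($response, $request)` runs, so with CORS handling enabled a cross-origin browser client presumably sees a CORS failure rather than the 400 (the existing 405 return has the same shape). Assigning instead of returning keeps a single exit path: move `$response = new JsonResponse($payload, 200);` inside the `try` and use `$response = new JsonResponse('', 400);` in the `catch`, dropping the `else`. That branch also discards the exception without any log entry, so repeated malformed requests would leave no trace for detection; no logger is visible in this hunk, so adding one may need a new constructor dependency. createResponse starts and ends outside the hunk.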
diff --git a/src/Resources/config/services.yaml b/src/Resources/config/services.yaml
index 06aa070d6..46202c8b3 100644
--- a/src/Resources/config/services.yaml
+++ b/src/Resources/config/services.yaml
@@ -90,6 +90,7 @@ services:
 - '@Overblog\GraphQLBundle\Request\Parser'
 - "%overblog_graphql.handle_cors%"
 - "%overblog_graphql.batching_method%"
+ - "%kernel.debug%"
 Overblog\GraphQLBundle\Definition\ConfigProcessor: ~