This is a known issue in the graphql-js library itself. For now, one solution might be to strip these out of the errors via formatError or a custom Apollo Server plugin.
I know it's a question, but I suspect they cannot be disabled. They're also a security issue.
Our app has been subject to penetration testing and the following issue came up:
e.g. https://HOSTNAME/graphql?query={user_} results in the GraphQL API suggesting mutations and queries which have a similar name to "user_".
I already disabled introspection with the graphql-disable-introspection npm module, but I can't find a setting to get rid of the query/mutation suggestions.
See related article:
https://apisecurity.io/issue-116-facebook-parler-api-vulnerabilities-clairvoyance/#tools--clairvoyance
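The `formatError` workaround suggested in the reply above, sketched as an added example (not code from the issue, Apollo Server, or graphql-js). It assumes the hints follow the "Did you mean ...?" wording; `stripSuggestions`, `SUGGESTION_RE` and the sample messages are constructed for illustration.

```javascript
// Assumption: suggestion hints are a trailing sentence of the form
// ' Did you mean "user" or "users"?' appended to the validation message.
const SUGGESTION_RE = /\s*Did you mean[^?]*\?/g;

// Remove the hint sentence; leave the rest of the message untouched.
function stripSuggestions(message) {
  if (typeof message !== 'string') return message;
  return message.replace(SUGGESTION_RE, '').trim();
}

// Shape-compatible with a formatError hook: takes an error object with a
// `message` and returns a plain object with the hint removed. Standard
// GraphQL error fields are copied over only when present.
function formatError(err) {
  const out = { message: stripSuggestions(err.message) };
  for (const key of ['locations', 'path', 'extensions']) {
    if (err[key] !== undefined) out[key] = err[key];
  }
  return out;
}

// Constructed sample errors (not captured from a real server).
const SAMPLE_ERRORS = [
  {
    message: 'Cannot query field "user_" on type "Query". Did you mean "user" or "users"?',
    locations: [{ line: 1, column: 2 }],
    extensions: { code: 'GRAPHQL_VALIDATION_FAILED' },
  },
  { message: 'Unknown argument "nam" on field "Query.user". Did you mean "name"?' },
  { message: 'Syntax Error: Expected Name, found "}".' },
];

function sanitizedSamples() {
  return SAMPLE_ERRORS.map(formatError);
}

// Wiring (assumes an existing Apollo Server setup with typeDefs/resolvers):
//   new ApolloServer({ typeDefs, resolvers, formatError });
for (const e of sanitizedSamples()) console.log(e.message);
```

The field and type names in the remaining message are the ones the client sent or already targeted; only the server-supplied candidate names are dropped.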