Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable _service field in Apollo Server for @apollo/subgraph #2991

Open
smyrick opened this issue May 1, 2024 · 0 comments
Open

Disable _service field in Apollo Server for @apollo/subgraph #2991

smyrick opened this issue May 1, 2024 · 0 comments

Comments

@smyrick
Copy link
Member

smyrick commented May 1, 2024

The _service field allows for runtime introspection of the full schema with Federated directives. It is helpful for Rover to fetch the schema if needed. However, if I have a schema file I can use to publish and share the schema the _service field is a security risk to potentially over expose the schema information. Just like how we recommend turning off introspection in production we should also have the option to turn off _service in production.

This is part an Apollo Server issue as well, but the library that adds the field is here. I will leave it up to the team to decide the best place to accept configuration options

Option 1

Disable adding the field in the first place

const options = {
  disableFederationServiceField: true
};

// New options param
const schema = buildSubgraphSchema({ typeDefs, resolvers, options });

Option 2

Infer from introspection config

const server = new ApolloServer({
  typeDefs,
  resolvers,
  introspection: false // Infer from here to hide the `_service` field ??
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@smyrick