Allowlist Bug: including an unused fragment results in whole query being blocked (2.0.0 alpha v6)? #6750

Open
kennandavison opened this issue Apr 5, 2021 · 1 comment
Labels
a/api/graphql a/api support/needs-triage Needs to be triaged so that we have enough information to add this to our backlog

kennandavison commented Apr 5, 2021

Hi, I have an allowlist operation that looks like:

```graphql
query exampleQuery($where: a_bool_exp!) {
  a(where: $where) {
    ...frag
    b {
      id
    }
  }
}

fragment frag on a {
  id
}
```

When I include a fragment for b, it seems to get blocked even if I'm not using it:

```graphql
query exampleQuery($where: a_bool_exp!) {
  a(where: $where) {
    ...frag
    b {
      id
    }
  }
}

fragment frag on a {
  id
}
fragment frag2 on b {
  id
}
```

Exact same fields. The mere insertion of the fragment without even using it seems to get the whole query blocked. Any idea? Literally just this 1 query of 100+.

Not sure if this is related: #5156

@kennandavison kennandavison changed the title Including an unused fragment results in whole query being blocked (2.0.0 alpha v6)? Allowlist Bug: including an unused fragment results in whole query being blocked (2.0.0 alpha v6)? Apr 5, 2021
@tirumaraiselvan tirumaraiselvan added the support/needs-triage Needs to be triaged so that we have enough information to add this to our backlog label Apr 28, 2021
@tirumaraiselvan
Contributor

I think the allow list engine does a blind string match of the incoming query, and hence an extra fragment throws an error.
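
An added illustration, not part of the issue thread and not Hasura's code: it contrasts a whole-document string comparison (the behaviour suspected in the comment above, here with whitespace collapsed) against a comparison over the operation plus only the fragments it reaches. All function names are hypothetical, the sample queries are the ones from the issue, and the splitter assumes no braces inside strings, comments or default values.

```python
import re

FRAG_DEF = re.compile(r"fragment\s+(\w+)\s+on\b")
SPREAD = re.compile(r"\.\.\.\s*(?!on\b)(\w+)")  # named spreads, not inline "... on T"

def split_definitions(doc):
    """Top-level definitions by brace depth, whitespace-collapsed.
    Assumption: no braces inside strings, comments or default values."""
    defs, depth, start = [], 0, 0
    for i, ch in enumerate(doc):
        depth += (ch == "{") - (ch == "}")
        if ch == "}" and depth == 0:
            defs.append(" ".join(doc[start:i + 1].split()))
            start = i + 1
    return defs

def canonical(doc):
    """Operations plus only the fragments they reach, fragments sorted by name."""
    ops, frags = [], {}
    for d in split_definitions(doc):
        m = FRAG_DEF.match(d)
        if m:
            frags[m.group(1)] = d
        else:
            ops.append(d)
    seen, todo = set(), [n for op in ops for n in SPREAD.findall(op)]
    while todo:  # follow spreads nested inside fragments
        name = todo.pop()
        if name in frags and name not in seen:
            seen.add(name)
            todo.extend(SPREAD.findall(frags[name]))
    return "\n".join(ops + [frags[n] for n in sorted(seen)])

def blind_match(allowlist, incoming):
    """Whole-document comparison after whitespace collapse (the suspected behaviour)."""
    norm = lambda q: " ".join(q.split())
    return norm(incoming) in {norm(q) for q in allowlist}

def pruned_match(allowlist, incoming):
    """Comparison that ignores fragment definitions no operation reaches."""
    return canonical(incoming) in {canonical(q) for q in allowlist}

# Queries from the issue, reflowed onto fewer lines.
ALLOWED = """query exampleQuery($where: a_bool_exp!) {
  a(where: $where) { ...frag b { id } }
}
fragment frag on a { id }"""
WITH_UNUSED = ALLOWED + "\nfragment frag2 on b { id }"
CHANGED = WITH_UNUSED.replace("...frag", "...frag name")  # constructed: one extra field
```

Pruning only discards definitions that no operation can reach, so `CHANGED`, which selects an additional field, is still rejected by `pruned_match`.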
