From a19729741bdd6b208cb24da799ebdfe69137ff6c Mon Sep 17 00:00:00 2001
From: Julien Verger
Date: Fri, 4 Aug 2023 11:53:06 +0200
Subject: [PATCH 1/3] feat(graphql): allow to enable/disable the introspection query
---
 core/configuration.md | 4 ++++
 core/graphql.md | 14 ++++++++++++++
 2 files changed, 18 insertions(+)
diff --git a/core/configuration.md b/core/configuration.md
index d44afd18adf..bf22c6f94cd 100644
--- a/core/configuration.md
+++ b/core/configuration.md
@@ -147,6 +147,10 @@ api_platform:
 # Enabled by default with installed webonyx/graphql-php and Twig.
 enabled: false
+ introspection:
+ # Enabled by default with installed webonyx/graphql-php.
+ enabled: true
+
 # The nesting separator used in the filter names.
 nesting_separator: _
diff --git a/core/graphql.md b/core/graphql.md
index 883d3b1dd3f..43f3a9a0d4e 100644
--- a/core/graphql.md
+++ b/core/graphql.md
@@ -116,6 +116,20 @@ api_platform:
 # ...
 ```
+## Disabling the introspection query
+
+For security reason, the introspection query should be disabled to not expose the graphql schema.
+
+If you need to disable it, it can be done in the configuration:
+
+```yaml
+# api/config/packages/api_platform.yaml
+api_platform:
+ graphql:
+ introspection: false
+# ...
+```
+
 ## Request with `application/graphql` Content-Type
 If you wish to send a [POST request using the `application/graphql` Content-Type](https://graphql.org/learn/serving-over-http/#post-request),
From 855c4fb67a0f08e8c45c479d83b4d44d7f28ea7e Mon Sep 17 00:00:00 2001
From: Julien Verger
Date: Fri, 4 Aug 2023 17:04:22 +0200
Subject: [PATCH 2/3] fix linter
---
 core/graphql.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/graphql.md b/core/graphql.md
index 43f3a9a0d4e..f6c0c88e217 100644
--- a/core/graphql.md
+++ b/core/graphql.md
@@ -118,7 +118,7 @@ api_platform:
 ## Disabling the introspection query
-For security reason, the introspection query should be disabled to not expose the graphql schema.
+For security reason, the introspection query should be disabled to not expose the GraphQL schema.
 If you need to disable it, it can be done in the configuration:
From 503cb8f7b45d3e1d850a00975ab813def24969c2 Mon Sep 17 00:00:00 2001
From: Alan Poulain
Date: Tue, 8 Aug 2023 15:43:17 +0200
Subject: [PATCH 3/3] Update core/graphql.md
---
 core/graphql.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/graphql.md b/core/graphql.md
index f6c0c88e217..c0dce11709e 100644
--- a/core/graphql.md
+++ b/core/graphql.md
@@ -116,7 +116,7 @@ api_platform:
 # ...
 ```
-## Disabling the introspection query
+## Disabling the Introspection Query
 For security reason, the introspection query should be disabled to not expose the GraphQL schema.