This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2019-04-25
Anyone have any opinions on disabling introspection so malicious actors can't view the entire GraphQL schema you've defined?
Have an app that runs off of a graphql backend, but we've found that anyone can go in and expose the schema. There's nothing dangerous there but it exposes a lot of information we'd rather not share.
I would consider adding an option to disable introspection; you might disable introspection in production, but not in QA/staging. But no introspection ➠ no GraphiQL.
Oh interesting, that's what we were discussing doing, removing introspection from QA/staging but leaving it in dev. I read that GraphiQL relies heavily on introspection and won't work without it.
I have to figure out now how to go about disabling it in Lacinia.
Does lacinia take PRs for that sort of thing?