How to disable introspection for production?

Question

How to disable introspection for production?

Closed this issue 3 years ago · 2 comments

I would like to disable introspection for production environment. Is it possible with graphql-helix?

Answer 1 · 2021-09-18T06:40:17.000Z

same issue

Answer 2 · 2021-09-19T04:50:45.000Z

You can either modify the validationRules and use NoSchemaIntrospectionCustomRule in addition to the default set of rules:

import { specifiedRules, NoSchemaIntrospectionCustomRule } from 'graphql';

// ... 

processRequest({
  // ...
  validationRules: [...specifiedRules, NoSchemaIntrospectionCustomRule]
})

Or, you can use envelop (https://github.com/dotansimha/envelop/) and configure it using the plugin (https://www.envelop.dev/plugins/use-disable-introspection)