How to disable introspection for production?
Closed this issue · 2 comments
wanton7 commented
I would like to disable introspection for production environment. Is it possible with graphql-helix?
orefalo commented
same issue
dotansimha commented
You can either modify the validationRules
and use NoSchemaIntrospectionCustomRule
in addition to the default set of rules:
import { specifiedRules, NoSchemaIntrospectionCustomRule } from 'graphql';
// ...
processRequest({
// ...
validationRules: [...specifiedRules, NoSchemaIntrospectionCustomRule]
})
Or, you can use envelop
(https://github.com/dotansimha/envelop/) and configure it using the plugin (https://www.envelop.dev/plugins/use-disable-introspection)