spring-boot

History

Brian Clozel c5817f21eb Add property for disabling GraphQL schema introspection Prior to this commit, the GraphQL schema assembled by the auto-configuration would provide no option for disabling the field introspection. While this feature is essential for many tools (including GraphiQL), some prefer disabling it because this allows clients to gather information about types and schema easily. This commit introduces a new `spring.graphql.schema.introspection.enabled` configuration property. Because potential attackers can still gather this information and this feature is a core concern in the GraphQL spec, introspection is enabled by default for Spring Boot applications. Closes gh-29248	2022-01-03 17:36:58 +01:00
..
src	Add property for disabling GraphQL schema introspection	2022-01-03 17:36:58 +01:00
build.gradle	Document Spring GraphQL support	2021-12-21 08:34:56 +01:00

Brian Clozel c5817f21eb Add property for disabling GraphQL schema introspection

Prior to this commit, the GraphQL schema assembled by the
auto-configuration would provide no option for disabling the field
introspection.

While this feature is essential for many tools (including GraphiQL),
some prefer disabling it because this allows clients to gather
information about types and schema easily. This commit introduces a new
`spring.graphql.schema.introspection.enabled` configuration property.

Because potential attackers can still gather this information and this
feature is a core concern in the GraphQL spec, introspection is enabled
by default for Spring Boot applications.

Closes gh-29248

2022-01-03 17:36:58 +01:00

src

Add property for disabling GraphQL schema introspection

2022-01-03 17:36:58 +01:00

build.gradle

Document Spring GraphQL support

2021-12-21 08:34:56 +01:00