The limitation of /graphql/schema
#237
Labels
status: superseded
Issue is superseded by another
Comments
spring-projects-issues
added
the
status: waiting-for-triage
|
Enabling/disabling the schema endpoint is not about security, but convenience. In that sense, I don't think we necessarily need to align schema introspection and schema exposure in text format. People might still want to easily disable introspection, so I've created spring-projects/spring-boot#29248 since the auto-configuration has now moved to the Spring Boot project. In the meantime, you should be able to achieve just that with the following: I'm closing this issue as it's superseded by the Spring Boot one. |
bclozel
added
status: superseded
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
User still can get all the detail about the definition of schema by
IntrospectionQuery, and not only ‘Type’ definition but also directive definition./graphql/schemaseems to be redundant, orIntrospectionQueryalso need to be limited as well.The text was updated successfully, but these errors were encountered: